Update external polarssl to 1.3.8

There were some fixes back on March 13th, 2014 for compilation on MIPS64.
There were also some fixes on June 25th, 2014 for SPARC64.

Probably more things, but those are what I care about.
Ryan Houdek 2014-09-08 01:58:33 -05:00
parent 6ea82790ba
commit a48e284317
130 changed files with 12346 additions and 4632 deletions


@ -1,34 +1,49 @@
cmake_minimum_required(VERSION 2.6)
project(POLARSSL C)
string(REGEX MATCH "clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER}")
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
if(CMAKE_COMPILER_IS_GNUCC)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O2 -Wall -Wextra -W -Wdeclaration-after-statement")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement")
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 -fprofile-arcs -ftest-coverage -lgcov")
set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS} -Werror -Wlogical-op -Wwrite-strings")
set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage")
set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-omit-frame-pointer -g3 -O1")
set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS} -Werror -O1 -Wlogical-op -Wwrite-strings")
set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_COMPILER_IS_CLANG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O2 -Wall -Wextra -W -Wdeclaration-after-statement")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement")
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS} -Werror -Wpointer-arith -Wwrite-strings -Wdocumentation")
set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage")
set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-omit-frame-pointer -g3 -O1")
set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS} -Werror -O1 -Wpointer-arith -Wwrite-strings -Wdocumentation -Wunreachable-code")
endif(CMAKE_COMPILER_IS_CLANG)
set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
CACHE STRING "Choose the type of build: None Debug Release Coverage Check CheckFull"
CACHE STRING "Choose the type of build: None Debug Release Coverage ASan Check CheckFull"
FORCE)
if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
if(CMAKE_COMPILER_IS_GNUCC)
set(CMAKE_SHARED_LINKER_FLAGS "-fprofile-arcs -ftest-coverage")
set(CMAKE_SHARED_LINKER_FLAGS "--coverage")
endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_COMPILER_IS_CLANG)
set(CMAKE_SHARED_LINKER_FLAGS "--coverage")
endif(CMAKE_COMPILER_IS_CLANG)
endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
option(USE_PKCS11_HELPER_LIBRARY "Build PolarSSL with the pkcs11-helper library." OFF)
option(ENABLE_ZLIB_SUPPORT "Build PolarSSL with zlib library." OFF)
option(ENABLE_PROGRAMS "Build PolarSSL programs." OFF)
option(ENABLE_TESTING "Build PolarSSL tests." OFF)
if(ENABLE_TESTING)
enable_testing()
endif()
if(LIB_INSTALL_DIR)
else()
@ -41,8 +56,56 @@ if(ENABLE_ZLIB_SUPPORT)
find_package(ZLIB)
if(ZLIB_FOUND)
include_directories(ZLIB_INCLUDE_DIR)
include_directories(${ZLIB_INCLUDE_DIR})
endif(ZLIB_FOUND)
endif(ENABLE_ZLIB_SUPPORT)
add_subdirectory(library)
add_subdirectory(include)
if(ENABLE_TESTING)
if(CMAKE_COMPILER_IS_GNUCC)
add_subdirectory(tests)
endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_COMPILER_IS_CLANG)
add_subdirectory(tests)
endif(CMAKE_COMPILER_IS_CLANG)
endif()
if(ENABLE_PROGRAMS)
add_subdirectory(programs)
endif()
ADD_CUSTOM_TARGET(apidoc
COMMAND doxygen doxygen/polarssl.doxyfile
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
if(ENABLE_TESTING)
ADD_CUSTOM_TARGET(test-ref-config
COMMAND tests/scripts/test-ref-configs.pl
)
ADD_CUSTOM_TARGET(covtest
COMMAND make test
COMMAND programs/test/selftest
COMMAND cd tests && ./compat.sh
COMMAND cd tests && ./ssl-opt.sh
)
ADD_CUSTOM_TARGET(lcov
COMMAND rm -rf Coverage
COMMAND lcov --capture --initial --directory library/CMakeFiles/polarssl.dir -o files.info
COMMAND lcov --capture --directory library/CMakeFiles/polarssl.dir -o tests.info
COMMAND lcov --add-tracefile files.info --add-tracefile tests.info -o all.info
COMMAND lcov --remove all.info -o final.info '*.h'
COMMAND gendesc tests/Descriptions.txt -o descriptions
COMMAND genhtml --title PolarSSL --description-file descriptions --keep-descriptions --legend --no-branch-coverage -o Coverage final.info
COMMAND rm -f files.info tests.info all.info final.info descriptions
)
ADD_CUSTOM_TARGET(memcheck
COMMAND ctest -O memcheck.log -D ExperimentalMemCheck
COMMAND tail -n1 memcheck.log | grep 'Memory checking results:' > /dev/null
COMMAND rm -f memcheck.log
)
endif()


@ -1,5 +1,219 @@
PolarSSL ChangeLog (Sorted per branch, date)
= PolarSSL 1.3.8 released 2014-07-11
Security
* Fix length checking for AEAD ciphersuites (found by Codenomicon).
It was possible to crash the server (and client) using crafted messages
when a GCM suite was chosen.
Features
* Add CCM module and cipher mode to Cipher Layer
* Support for CCM and CCM_8 ciphersuites
* Support for parsing and verifying RSASSA-PSS signatures in the X.509
modules (certificates, CRLs and CSRs).
* Blowfish in the cipher layer now supports variable length keys.
* Add example config.h for PSK with CCM, optimized for low RAM usage.
* Optimize for RAM usage in example config.h for NSA Suite B profile.
* Add POLARSSL_REMOVE_ARC4_CIPHERSUITES to allow removing RC4 ciphersuites
from the default list (inactive by default).
* Add server-side enforcement of sent renegotiation requests
(ssl_set_renegotiation_enforced())
* Add SSL_CIPHERSUITES config.h flag to allow specifying a list of
ciphersuites to use and save some memory if the list is small.
Changes
* Add LINK_WITH_PTHREAD option in CMake for explicit linking that is
required on some platforms (e.g. OpenBSD)
* Migrate zeroizing of data to polarssl_zeroize() instead of memset()
against unwanted compiler optimizations
* md_list() now returns hashes strongest first
* Selection of hash for signing ServerKeyExchange in TLS 1.2 now picks
strongest offered by client.
* All public contexts have _init() and _free() functions now for simpler
usage pattern
Bugfix
* Fix in debug_print_msg()
* Enforce alignment in the buffer allocator even if buffer is not aligned
* Remove less-than-zero checks on unsigned numbers
* Stricter check on SSL ClientHello internal sizes compared to actual packet
size (found by TrustInSoft)
* Fix WSAStartup() return value check (found by Peter Vaskovic)
* Other minor issues (found by Peter Vaskovic)
* Fix symlink command for cross compiling with CMake (found by Andre
Heinecke)
* Fix DER output of gen_key app (found by Gergely Budai)
* Very small records were incorrectly rejected when truncated HMAC was in
use with some ciphersuites and versions (RC4 in all versions, CBC with
versions < TLS 1.1).
* Very large records using more than 224 bytes of padding were incorrectly
rejected with CBC-based ciphersuites and TLS >= 1.1
* Very large records using less padding could cause a buffer overread of up
to 32 bytes with CBC-based ciphersuites and TLS >= 1.1
* Restore ability to use a v1 cert as a CA if trusted locally. (This had
been removed in 1.3.6.)
* Restore ability to locally trust a self-signed cert that is not a proper
CA for use as an end entity certificate. (This had been removed in
1.3.6.)
* Fix preprocessor checks for bn_mul PPC asm (found by Barry K. Nathan).
* Use \n\t rather than semicolons for bn_mul asm, since some assemblers
interpret semicolons as comment delimiters (found by Barry K. Nathan).
* Fix off-by-one error in parsing Supported Point Format extension that
caused some handshakes to fail.
* Fix possible miscomputation of the premaster secret with DHE-PSK key
exchange that caused some handshakes to fail with other implementations.
(Failure rate <= 1/255 with common DHM moduli.)
* Disable broken Sparc64 bn_mul assembly (found by Florian Obser).
* Fix base64_decode() to return and check length correctly (in case of
tight buffers)
* Fix mpi_write_string() to write "00" as hex output for empty MPI (found
by Hui Dong)
= PolarSSL 1.3.7 released on 2014-05-02
Features
* debug_set_log_mode() added to determine raw or full logging
* debug_set_threshold() added to ignore messages over threshold level
* version_check_feature() added to check for compile-time options at
run-time
Changes
* POLARSSL_CONFIG_OPTIONS has been removed. All values are individually
checked and filled in the relevant module headers
* Debug module only outputs full lines instead of parts
* Better support for the different Attribute Types from IETF PKIX (RFC 5280)
* AES-NI now compiles with "old" assemblers too
* Ciphersuites based on RC4 now have the lowest priority by default
Bugfix
* Only iterate over actual certificates in ssl_write_certificate_request()
(found by Matthew Page)
* Typos in platform.c and pkcs11.c (found by Daniel Phillips and Steffan
Karger)
* cert_write app should use subject of issuer certificate as issuer of cert
* Fix false reject in padding check in ssl_decrypt_buf() for CBC
ciphersuites, for full SSL frames of data.
* Improve interoperability by not writing extension length in ClientHello /
ServerHello when no extensions are present (found by Matthew Page)
* rsa_check_pubkey() now allows an E up to N
* On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
* mpi_fill_random() was creating numbers larger than requested on
big-endian platform when size was not an integer number of limbs
* Fix dependencies issues in X.509 test suite.
* Some parts of ssl_tls.c were compiled even when the module was disabled.
* Fix detection of DragonflyBSD in net.c (found by Markus Pfeiffer)
* Fix detection of Clang on some Apple platforms with CMake
(found by Barry K. Nathan)
= PolarSSL 1.3.6 released on 2014-04-11
Features
* Support for the ALPN SSL extension
* Add option 'use_dev_random' to gen_key application
* Enable verification of the keyUsage extension for CA and leaf
certificates (POLARSSL_X509_CHECK_KEY_USAGE)
* Enable verification of the extendedKeyUsage extension
(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
Changes
* x509_crt_info() now prints information about parsed extensions as well
* pk_verify() now returns a specific error code when the signature is valid
but shorter than the supplied length.
* Use UTC time to check certificate validity.
* Reject certificates with times not in UTC, per RFC 5280.
Security
* Avoid potential timing leak in ecdsa_sign() by blinding modular division.
(Found by Watson Ladd.)
* The notAfter date of some certificates was no longer checked since 1.3.5.
This affects certificates in the user-supplied chain except the top
certificate. If the user-supplied chain contains only one certificates,
it is not affected (ie, its notAfter date is properly checked).
* Prevent potential NULL pointer dereference in ssl_read_record() (found by
TrustInSoft)
Bugfix
* The length of various ClientKeyExchange messages was not properly checked.
* Some example server programs were not sending the close_notify alert.
* Potential memory leak in mpi_exp_mod() when error occurs during
calculation of RR.
* Fixed malloc/free default #define in platform.c (found by Gergely Budai).
* Fixed type which made POLARSSL_ENTROPY_FORCE_SHA256 uneffective (found by
Gergely Budai).
* Fix #include path in ecdsa.h which wasn't accepted by some compilers.
(found by Gergely Budai)
* Fix compile errors when POLARSSL_ERROR_STRERROR_BC is undefined (found by
Shuo Chen).
* oid_get_numeric_string() used to truncate the output without returning an
error if the output buffer was just 1 byte too small.
* dhm_parse_dhm() (hence dhm_parse_dhmfile()) did not set dhm->len.
* Calling pk_debug() on an RSA-alt key would segfault.
* pk_get_size() and pk_get_len() were off by a factor 8 for RSA-alt keys.
* Potential buffer overwrite in pem_write_buffer() because of low length
indication (found by Thijs Alkemade)
* EC curves constants, which should be only in ROM since 1.3.3, were also
stored in RAM due to missing 'const's (found by Gergely Budai).
= PolarSSL 1.3.5 released on 2014-03-26
Features
* HMAC-DRBG as a separate module
* Option to set the Curve preference order (disabled by default)
* Single Platform compatilibity layer (for memory / printf / fprintf)
* Ability to provide alternate timing implementation
* Ability to force the entropy module to use SHA-256 as its basis
(POLARSSL_ENTROPY_FORCE_SHA256)
* Testing script ssl-opt.sh added for testing 'live' ssl option
interoperability against OpenSSL and PolarSSL
* Support for reading EC keys that use SpecifiedECDomain in some cases.
* Entropy module now supports seed writing and reading
Changes
* Deprecated the Memory layer
* entropy_add_source(), entropy_update_manual() and entropy_gather()
now thread-safe if POLARSSL_THREADING_C defined
* Improvements to the CMake build system, contributed by Julian Ospald.
* Work around a bug of the version of Clang shipped by Apple with Mavericks
that prevented bignum.c from compiling. (Reported by Rafael Baptista.)
* Revamped the compat.sh interoperatibility script to include support for
testing against GnuTLS
* Deprecated ssl_set_own_cert_rsa() and ssl_set_own_cert_rsa_alt()
* Improvements to tests/Makefile, contributed by Oden Eriksson.
Security
* Forbid change of server certificate during renegotiation to prevent
"triple handshake" attack when authentication mode is 'optional' (the
attack was already impossible when authentication is required).
* Check notBefore timestamp of certificates and CRLs from the future.
* Forbid sequence number wrapping
* Fixed possible buffer overflow with overlong PSK
* Possible remotely-triggered out-of-bounds memory access fixed (found by
TrustInSoft)
Bugfix
* ecp_gen_keypair() does more tries to prevent failure because of
statistics
* Fixed bug in RSA PKCS#1 v1.5 "reversed" operations
* Fixed testing with out-of-source builds using cmake
* Fixed version-major intolerance in server
* Fixed CMake symlinking on out-of-source builds
* Fixed dependency issues in test suite
* Programs rsa_sign_pss and rsa_verify_pss were not using PSS since 1.3.0
* Bignum's MIPS-32 assembly was used on MIPS-64, causing chaos. (Found by
Alex Wilson.)
* ssl_cache was creating entries when max_entries=0 if TIMING_C was enabled.
* m_sleep() was sleeping twice too long on most Unix platforms.
* Fixed bug with session tickets and non-blocking I/O in the unlikely case
send() would return an EAGAIN error when sending the ticket.
* ssl_cache was leaking memory when reusing a timed out entry containing a
client certificate.
* ssl_srv was leaking memory when client presented a timed out ticket
containing a client certificate
* ssl_init() was leaving a dirty pointer in ssl_context if malloc of
out_ctr failed
* ssl_handshake_init() was leaving dirty pointers in subcontexts if malloc
of one of them failed
* Fix typo in rsa_copy() that impacted PKCS#1 v2 contexts
* x509_get_current_time() uses localtime_r() to prevent thread issues
= PolarSSL 1.3.4 released on 2014-01-27
Features
* Support for the Koblitz curves: secp192k1, secp224k1, secp256k1
@ -166,6 +380,76 @@ Security
* RSA blinding on CRT operations to counter timing attacks
(found by Cyril Arnaud and Pierre-Alain Fouque)
= Version 1.2.11 released 2014-07-11
Features
* Entropy module now supports seed writing and reading
Changes
* Introduced POLARSSL_HAVE_READDIR_R for systems without it
* Improvements to the CMake build system, contributed by Julian Ospald.
* Work around a bug of the version of Clang shipped by Apple with Mavericks
that prevented bignum.c from compiling. (Reported by Rafael Baptista.)
* Improvements to tests/Makefile, contributed by Oden Eriksson.
* Use UTC time to check certificate validity.
* Reject certificates with times not in UTC, per RFC 5280.
* Migrate zeroizing of data to polarssl_zeroize() instead of memset()
against unwanted compiler optimizations
Security
* Forbid change of server certificate during renegotiation to prevent
"triple handshake" attack when authentication mode is optional (the
attack was already impossible when authentication is required).
* Check notBefore timestamp of certificates and CRLs from the future.
* Forbid sequence number wrapping
* Prevent potential NULL pointer dereference in ssl_read_record() (found by
TrustInSoft)
* Fix length checking for AEAD ciphersuites (found by Codenomicon).
It was possible to crash the server (and client) using crafted messages
when a GCM suite was chosen.
Bugfix
* Fixed X.509 hostname comparison (with non-regular characters)
* SSL now gracefully handles missing RNG
* crypt_and_hash app checks MAC before final decryption
* Fixed x509_crt_parse_path() bug on Windows platforms
* Added missing MPI_CHK() around some statements in mpi_div_mpi() (found by
TrustInSoft)
* Fixed potential overflow in certificate size verification in
ssl_write_certificate() (found by TrustInSoft)
* Fix ASM format in bn_mul.h
* Potential memory leak in bignum_selftest()
* Replaced expired test certificate
* ssl_mail_client now terminates lines with CRLF, instead of LF
* Fix bug in RSA PKCS#1 v1.5 "reversed" operations
* Fixed testing with out-of-source builds using cmake
* Fixed version-major intolerance in server
* Fixed CMake symlinking on out-of-source builds
* Bignum's MIPS-32 assembly was used on MIPS-64, causing chaos. (Found by
Alex Wilson.)
* ssl_init() was leaving a dirty pointer in ssl_context if malloc of
out_ctr failed
* ssl_handshake_init() was leaving dirty pointers in subcontexts if malloc
of one of them failed
* x509_get_current_time() uses localtime_r() to prevent thread issues
* Some example server programs were not sending the close_notify alert.
* Potential memory leak in mpi_exp_mod() when error occurs during
calculation of RR.
* Improve interoperability by not writing extension length in ClientHello
when no extensions are present (found by Matthew Page)
* rsa_check_pubkey() now allows an E up to N
* On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
* mpi_fill_random() was creating numbers larger than requested on
big-endian platform when size was not an integer number of limbs
* Fix detection of DragonflyBSD in net.c (found by Markus Pfeiffer)
* Stricter check on SSL ClientHello internal sizes compared to actual packet
size (found by TrustInSoft)
* Fix preprocessor checks for bn_mul PPC asm (found by Barry K. Nathan).
* Use \n\t rather than semicolons for bn_mul asm, since some assemblers
interpret semicolons as comment delimiters (found by Barry K. Nathan).
* Disable broken Sparc64 bn_mul assembly (found by Florian Obser).
* Fix base64_decode() to return and check length correctly (in case of
tight buffers)
= Version 1.2.10 released 2013-10-07
Changes
* Changed RSA blinding to a slower but thread-safe version


@ -9,7 +9,7 @@ There are currently three active build systems within the PolarSSL releases:
- Make
- CMake
- Microsoft Visual Studio
- Microsoft Visual Studio (Visual Studio 6 and Visual Studio 2010)
The main system used for development is CMake. That system is always the most up-to-date. The others should reflect all changes present in the CMake build system, but some features are not ported there by default.
@ -18,11 +18,11 @@ Make
We intentionally only use the absolute minimum of **Make** functionality, as we have discovered that a lot of **Make** features are not supported on all different implementations of Make on different platforms. As such, the Makefiles sometimes require some handwork or `export` statements in order to work for your platform.
In order to build the source using Make, just enter at the command line:
In order to build the source using Make, just enter at the command line::
make
In order to run the tests, enter:
In order to run the tests, enter::
make check
@ -33,13 +33,13 @@ In case you find that you need to do something else as well, please let us know
CMake
-----
In order to build the source using CMake, just enter at the command line:
In order to build the source using CMake, just enter at the command line::
cmake .
make
There are 3 different active build modes specified within the CMake buildsystem:
There are 5 different active build modes specified within the CMake buildsystem:
- Release.
This generates the default code without any unnecessary information in the binary files.
@ -47,19 +47,23 @@ There are 3 different active build modes specified within the CMake buildsystem:
This generates debug information and disables optimization of the code.
- Coverage.
This generates code coverage information in addition to debug information.
- ASan.
This instruments the code with AddressSanitizer to check for memory errors.
- Check.
This activates more compiler warnings and treats them as errors.
Switching build modes in CMake is simple. For debug mode, enter at the command line:
cmake -D CMAKE_BUILD_TYPE:String="Debug" .
In order to run the tests, enter:
In order to run the tests, enter::
make test
Microsoft Visual Studio
-----------------------
The build files for Microsoft Visual Studio are generated for Visual Studio 6.0 all future Visual Studio's should be able to open and use this older version of the build files.
The build files for Microsoft Visual Studio are generated for Visual Studio 6.0 and Visual Studio 2010.
The workspace 'polarssl.dsw' contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need a perl environment as well.
@ -71,11 +75,24 @@ We've included example programs for a lot of different features and uses in *pro
Tests
=====
PolarSSL includes a elaborate test suite in *tests/* that initially requires Perl to generate the tests files (e.g. *test_suite_mpi.c*). These files are generates from a **function file** (e.g. *suites/test_suite_mpi.function*) and a **data file** (e.g. *suites/test_suite_mpi.data*). The **function file** contains the template for each test function. The **data file** contains the test cases, specified as parameters that should be pushed into a template function.
PolarSSL includes an elaborate test suite in *tests/* that initially requires Perl to generate the tests files (e.g. *test_suite_mpi.c*). These files are generates from a **function file** (e.g. *suites/test_suite_mpi.function*) and a **data file** (e.g. *suites/test_suite_mpi.data*). The **function file** contains the template for each test function. The **data file** contains the test cases, specified as parameters that should be pushed into a template function.
Configurations
==============
We provide some non-standard configurations focused on specific use cases in the configs/ directory. You can read more about those in configs/README.txt
Contributing
============
We graciously accept bugs and contributions from the community. There are some requirements we need to fulfil in order to be able to integrate contributions in the main code.
Simple bug fixes to existing code do not contain copyright themselves and we can integrate those without any issue. The same goes for trivial contributions.
For larger contributions, e.g. a new feature, the code possible falls under copyright law. We then need your consent to share in the ownership of the copyright. We have a form for that, which we will mail to you in case you submit a contribution or pull request that we deem this necessary for.
Process
-------
#. `Check for open issues <https://github.com/polarssl/polarssl/issues>`_ or
`start a discussion <https://polarssl.org/discussions>`_ around a feature
idea or a bug.


@ -3,7 +3,7 @@
*
* \brief AES block cipher
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
#ifndef POLARSSL_AES_H
#define POLARSSL_AES_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <string.h>
@ -69,6 +73,20 @@ typedef struct
}
aes_context;
/**
* \brief Initialize AES context
*
* \param ctx AES context to be initialized
*/
void aes_init( aes_context *ctx );
/**
* \brief Clear AES context
*
* \param ctx AES context to be cleared
*/
void aes_free( aes_context *ctx );
/**
* \brief AES key schedule (encryption)
*
@ -78,7 +96,8 @@ aes_context;
*
* \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
*/
int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int keysize );
int aes_setkey_enc( aes_context *ctx, const unsigned char *key,
unsigned int keysize );
/**
* \brief AES key schedule (decryption)
@ -89,7 +108,8 @@ int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int key
*
* \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
*/
int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int keysize );
int aes_setkey_dec( aes_context *ctx, const unsigned char *key,
unsigned int keysize );
/**
* \brief AES-ECB block encryption/decryption
@ -129,6 +149,7 @@ int aes_crypt_cbc( aes_context *ctx,
unsigned char *output );
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CIPHER_MODE_CFB)
/**
* \brief AES-CFB128 buffer encryption/decryption.
*
@ -176,7 +197,9 @@ int aes_crypt_cfb8( aes_context *ctx,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output );
#endif /*POLARSSL_CIPHER_MODE_CFB */
#if defined(POLARSSL_CIPHER_MODE_CTR)
/**
* \brief AES-CTR buffer encryption/decryption
*
@ -206,6 +229,7 @@ int aes_crypt_ctr( aes_context *ctx,
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output );
#endif /* POLARSSL_CIPHER_MODE_CTR */
#ifdef __cplusplus
}


@ -3,7 +3,7 @@
*
* \brief The ARCFOUR stream cipher
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
#ifndef POLARSSL_ARC4_H
#define POLARSSL_ARC4_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <string.h>
@ -51,13 +55,28 @@ typedef struct
arc4_context;
/**
* \brief ARC4 key schedule
* \brief Initialize ARC4 context
*
* \param ctx ARC4 context to be initialized
*/
void arc4_init( arc4_context *ctx );
/**
* \brief Clear ARC4 context
*
* \param ctx ARC4 context to be cleared
*/
void arc4_free( arc4_context *ctx );
/**
* \brief ARC4 key schedule
*
* \param ctx ARC4 context to be setup
* \param key the secret key
* \param keylen length of the key, in bytes
*/
void arc4_setup( arc4_context *ctx, const unsigned char *key, unsigned int keylen );
void arc4_setup( arc4_context *ctx, const unsigned char *key,
unsigned int keylen );
/**
* \brief ARC4 cipher function


@ -27,7 +27,11 @@
#ifndef POLARSSL_ASN1_H
#define POLARSSL_ASN1_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_BIGNUM_C)
#include "bignum.h"
@ -93,9 +97,13 @@
/** Returns the size of the binary string, without the trailing \\0 */
#define OID_SIZE(x) (sizeof(x) - 1)
/** Compares two asn1_buf structures for the same OID. Only works for
* 'defined' oid_str values (OID_HMAC_SHA1), you cannot use a 'unsigned
* char *oid' here!
/**
* Compares an asn1_buf structure to a reference OID.
*
* Only works for 'defined' oid_str values (OID_HMAC_SHA1), you cannot use a
* 'unsigned char *oid' here!
*
* Warning: returns true when the OIDs are equal (unlike memcmp)!
*/
#define OID_CMP(oid_str, oid_buf) \
( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
@ -270,7 +278,7 @@ int asn1_get_sequence_of( unsigned char **p,
int asn1_get_mpi( unsigned char **p,
const unsigned char *end,
mpi *X );
#endif
#endif /* POLARSSL_BIGNUM_C */
/**
* \brief Retrieve an AlgorithmIdentifier ASN.1 sequence.


@ -3,7 +3,7 @@
*
* \brief ASN.1 buffer writing functionality
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -29,7 +29,8 @@
#include "asn1.h"
#define ASN1_CHK_ADD(g, f) do { if( ( ret = f ) < 0 ) return( ret ); else g += ret; } while( 0 )
#define ASN1_CHK_ADD(g, f) do { if( ( ret = f ) < 0 ) return( ret ); else \
g += ret; } while( 0 )
#ifdef __cplusplus
extern "C" {
@ -57,7 +58,8 @@ int asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
*
* \return the length written or a negative error code
*/
int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag );
int asn1_write_tag( unsigned char **p, unsigned char *start,
unsigned char tag );
/**
* \brief Write raw buffer data
@ -85,7 +87,7 @@ int asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
* \return the length written or a negative error code
*/
int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X );
#endif
#endif /* POLARSSL_BIGNUM_C */
/**
* \brief Write a NULL tag (ASN1_NULL) with zero data in ASN.1 format


@ -3,7 +3,7 @@
*
* \brief Multi-precision integer library
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -30,7 +30,11 @@
#include <stdio.h>
#include <string.h>
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
#include <basetsd.h>
@ -47,7 +51,7 @@ typedef UINT32 uint32_t;
typedef UINT64 uint64_t;
#else
#include <inttypes.h>
#endif
#endif /* _MSC_VER && !EFIX64 && !EFI32 */
#define POLARSSL_ERR_MPI_FILE_IO_ERROR -0x0002 /**< An error occurred while reading from or writing to a file. */
#define POLARSSL_ERR_MPI_BAD_INPUT_DATA -0x0004 /**< Bad input parameters to function. */
@ -65,7 +69,7 @@ typedef UINT64 uint64_t;
*/
#define POLARSSL_MPI_MAX_LIMBS 10000
#if !defined(POLARSSL_CONFIG_OPTIONS)
#if !defined(POLARSSL_MPI_WINDOW_SIZE)
/*
* Maximum window size used for modular exponentiation. Default: 6
* Minimum value: 1. Maximum value: 6.
@ -76,7 +80,9 @@ typedef UINT64 uint64_t;
* Reduction in size, reduces speed.
*/
#define POLARSSL_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
#endif /* !POLARSSL_MPI_WINDOW_SIZE */
#if !defined(POLARSSL_MPI_MAX_SIZE)
/*
* Maximum size of MPIs allowed in bits and bytes for user-MPIs.
* ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
@ -85,8 +91,7 @@ typedef UINT64 uint64_t;
* of limbs required (POLARSSL_MPI_MAX_LIMBS) is higher.
*/
#define POLARSSL_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
#endif /* !POLARSSL_CONFIG_OPTIONS */
#endif /* !POLARSSL_MPI_MAX_SIZE */
#define POLARSSL_MPI_MAX_BITS ( 8 * POLARSSL_MPI_MAX_SIZE ) /**< Maximum number of bits for usable MPIs. */
@ -129,7 +134,7 @@ typedef uint32_t t_udbl;
#else
/*
* 32-bit integers can be forced on 64-bit arches (eg. for testing purposes)
* by defining POLARSSL_HAVE_INT32 and undefining POARSSL_HAVE_ASM
* by defining POLARSSL_HAVE_INT32 and undefining POLARSSL_HAVE_ASM
*/
#if ( ! defined(POLARSSL_HAVE_INT32) && \
defined(_MSC_VER) && defined(_M_AMD64) )
@ -162,8 +167,8 @@ typedef uint32_t t_udbl;
#define POLARSSL_HAVE_UDBL
#endif
#endif
#endif
#endif
#endif /* !POLARSSL_HAVE_INT32 && __GNUC__ && 64-bit platform */
#endif /* !POLARSSL_HAVE_INT32 && _MSC_VER && _M_AMD64 */
#endif /* POLARSSL_HAVE_INT16 */
#endif /* POLARSSL_HAVE_INT8 */
@ -409,7 +414,9 @@ int mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout );
int mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen );
/**
* \brief Export X into unsigned binary data, big endian
* \brief Export X into unsigned binary data, big endian.
* Always fills the whole buffer, which will start with zeros
* if the number is smaller.
*
* \param X Source MPI
* \param buf Output buffer
@ -648,8 +655,8 @@ int mpi_mod_int( t_uint *r, const mpi *A, t_sint b );
*
* \return 0 if successful,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even or if
* E is negative
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even or
* if E is negative
*
* \note _RR is used to avoid re-computing R*R mod N across
* multiple calls, which speeds up things a bit. It can
@ -717,7 +724,8 @@ int mpi_is_prime( mpi *X,
* \brief Prime number generation
*
* \param X Destination MPI
* \param nbits Required size of X in bits ( 3 <= nbits <= POLARSSL_MPI_MAX_BITS )
* \param nbits Required size of X in bits
* ( 3 <= nbits <= POLARSSL_MPI_MAX_BITS )
* \param dh_flag If 1, then (X-1)/2 will be prime too
* \param f_rng RNG function
* \param p_rng RNG parameter


@ -3,7 +3,7 @@
*
* \brief Blowfish block cipher
*
* Copyright (C) 2012-2013, Brainspark B.V.
* Copyright (C) 2012-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
#ifndef POLARSSL_BLOWFISH_H
#define POLARSSL_BLOWFISH_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <string.h>
@ -42,7 +46,7 @@ typedef UINT32 uint32_t;
#define BLOWFISH_DECRYPT 0
#define BLOWFISH_MAX_KEY 448
#define BLOWFISH_MIN_KEY 32
#define BLOWFISH_ROUNDS 16 /* when increasing this value, make sure to extend the initialisation vectors */
#define BLOWFISH_ROUNDS 16 /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
#define BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */
#define POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */
@ -66,6 +70,20 @@ typedef struct
}
blowfish_context;
/**
* \brief Initialize Blowfish context
*
* \param ctx Blowfish context to be initialized
*/
void blowfish_init( blowfish_context *ctx );
/**
* \brief Clear Blowfish context
*
* \param ctx Blowfish context to be cleared
*/
void blowfish_free( blowfish_context *ctx );
/**
* \brief Blowfish key schedule
*
@ -75,7 +93,8 @@ blowfish_context;
*
* \return 0 if successful, or POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH
*/
int blowfish_setkey( blowfish_context *ctx, const unsigned char *key, unsigned int keysize );
int blowfish_setkey( blowfish_context *ctx, const unsigned char *key,
unsigned int keysize );
/**
* \brief Blowfish-ECB block encryption/decryption
@ -105,7 +124,8 @@ int blowfish_crypt_ecb( blowfish_context *ctx,
* \param input buffer holding the input data
* \param output buffer holding the output data
*
* \return 0 if successful, or POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH
* \return 0 if successful, or
* POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH
*/
int blowfish_crypt_cbc( blowfish_context *ctx,
int mode,



@ -3,7 +3,7 @@
*
* \brief Camellia block cipher
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
#ifndef POLARSSL_CAMELLIA_H
#define POLARSSL_CAMELLIA_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <string.h>
@ -62,6 +66,20 @@ typedef struct
}
camellia_context;
/**
* \brief Initialize CAMELLIA context
*
* \param ctx CAMELLIA context to be initialized
*/
void camellia_init( camellia_context *ctx );
/**
* \brief Clear CAMELLIA context
*
* \param ctx CAMELLIA context to be cleared
*/
void camellia_free( camellia_context *ctx );
/**
* \brief CAMELLIA key schedule (encryption)
*
@ -71,7 +89,8 @@ camellia_context;
*
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
*/
int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, unsigned int keysize );
int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key,
unsigned int keysize );
/**
* \brief CAMELLIA key schedule (decryption)
@ -82,7 +101,8 @@ int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, unsign
*
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
*/
int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, unsigned int keysize );
int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key,
unsigned int keysize );
/**
* \brief CAMELLIA-ECB block encryption/decryption
@ -112,7 +132,8 @@ int camellia_crypt_ecb( camellia_context *ctx,
* \param input buffer holding the input data
* \param output buffer holding the output data
*
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
* \return 0 if successful, or
* POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
*/
int camellia_crypt_cbc( camellia_context *ctx,
int mode,
@ -138,7 +159,8 @@ int camellia_crypt_cbc( camellia_context *ctx,
* \param input buffer holding the input data
* \param output buffer holding the output data
*
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
* \return 0 if successful, or
* POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
*/
int camellia_crypt_cfb128( camellia_context *ctx,
int mode,


@ -0,0 +1,134 @@
/**
* \file ccm.h
*
* \brief Counter with CBC-MAC (CCM) for 128-bit block ciphers
*
* Copyright (C) 2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_CCM_H
#define POLARSSL_CCM_H
#include "cipher.h"
#define POLARSSL_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to function. */
#define POLARSSL_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief CCM context structure
*/
typedef struct {
cipher_context_t cipher_ctx; /*!< cipher context used */
}
ccm_context;
/**
* \brief CCM initialization (encryption and decryption)
*
* \param ctx CCM context to be initialized
* \param cipher cipher to use (a 128-bit block cipher)
* \param key encryption key
* \param keysize key size in bits (must be acceptable by the cipher)
*
* \return 0 if successful, or a cipher specific error code
*/
int ccm_init( ccm_context *ctx, cipher_id_t cipher,
const unsigned char *key, unsigned int keysize );
/**
* \brief Free a CCM context and underlying cipher sub-context
*
* \param ctx CCM context to free
*/
void ccm_free( ccm_context *ctx );
/**
* \brief CCM buffer encryption
*
* \param ctx CCM context
* \param length length of the input data in bytes
* \param iv nonce (initialization vector)
* \param iv_len length of IV in bytes
* must be 2, 3, 4, 5, 6, 7 or 8
* \param add additional data
* \param add_len length of additional data in bytes
* must be less than 2^16 - 2^8
* \param input buffer holding the input data
* \param output buffer for holding the output data
* must be at least 'length' bytes wide
* \param tag buffer for holding the tag
* \param tag_len length of the tag to generate in bytes
* must be 4, 6, 8, 10, 14 or 16
*
* \note The tag is written to a separate buffer. To get the tag
* concatenated with the output as in the CCM spec, use
* tag = output + length and make sure the output buffer is
* at least length + tag_len wide.
*
* \return 0 if successful
*/
int ccm_encrypt_and_tag( ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len );
/**
* \brief CCM buffer authenticated decryption
*
* \param ctx CCM context
* \param length length of the input data
* \param iv initialization vector
* \param iv_len length of IV
* \param add additional data
* \param add_len length of additional data
* \param input buffer holding the input data
* \param output buffer for holding the output data
* \param tag buffer holding the tag
* \param tag_len length of the tag
*
* \return 0 if successful and authenticated,
* POLARSSL_ERR_CCM_AUTH_FAILED if tag does not match
*/
int ccm_auth_decrypt( ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len );
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
int ccm_self_test( int verbose );
#endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */
#ifdef __cplusplus
}
#endif
#endif /* POLARSSL_CGM_H */
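Review bot: The closing guard comment `#endif /* POLARSSL_CGM_H */` on the last line of the new ccm.h does not match the `POLARSSL_CCM_H` guard opened at the top; it is harmless to the compiler but misleading, so it should read `#endif /* POLARSSL_CCM_H */`. The parameter limits in the ccm_encrypt_and_tag doc also look off: the tag_len list "4, 6, 8, 10, 14 or 16" omits 12, which CCM (RFC 3610 / SP 800-38C) permits, and the iv_len range "2..8" matches the size of CCM's length field L = 15 - iv_len rather than the nonce itself, whose length is 7 to 13 bytes — presumably doc slips, but verify against ccm.c (not in view) and fix whichever side is wrong, since a caller who trusts the header will pick a nonce length the code rejects or, worse, one it silently accepts. ccm_auth_decrypt restates none of these constraints and, unlike cipher_auth_decrypt in cipher.h, does not say what happens to `output` when the tag check fails; I'd add a `\note` saying the same iv_len/add_len/tag_len limits apply and stating whether the output buffer is cleared on POLARSSL_ERR_CCM_AUTH_FAILED, so callers know they must not consume unauthenticated plaintext. As this is a vendored upstream header, the corrections belong upstream or in a recorded local patch rather than an ad-hoc edit of the external copy.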


@ -0,0 +1,326 @@
/**
* \file check_config.h
*
* \brief Consistency checks for configuration options
*
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/*
* It is recommended to include this file from your config.h
* in order to catch dependency issues early.
*/
#ifndef POLARSSL_CHECK_CONFIG_H
#define POLARSSL_CHECK_CONFIG_H
#if defined(POLARSSL_AESNI_C) && !defined(POLARSSL_HAVE_ASM)
#error "POLARSSL_AESNI_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_CERTS_C) && !defined(POLARSSL_PEM_PARSE_C)
#error "POLARSSL_CERTS_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_CTR_DRBG_C) && !defined(POLARSSL_AES_C)
#error "POLARSSL_CTR_DRBG_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_DHM_C) && !defined(POLARSSL_BIGNUM_C)
#error "POLARSSL_DHM_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ECDH_C) && !defined(POLARSSL_ECP_C)
#error "POLARSSL_ECDH_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ECDSA_C) && \
( !defined(POLARSSL_ECP_C) || \
!defined(POLARSSL_ASN1_PARSE_C) || \
!defined(POLARSSL_ASN1_WRITE_C) )
#error "POLARSSL_ECDSA_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ECDSA_DETERMINISTIC) && !defined(POLARSSL_HMAC_DRBG_C)
#error "POLARSSL_ECDSA_DETERMINISTIC defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ECP_C) && ( !defined(POLARSSL_BIGNUM_C) || ( \
!defined(POLARSSL_ECP_DP_SECP192R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP224R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP256R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP384R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP521R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_BP256R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_BP384R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_BP512R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP192K1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP224K1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP256K1_ENABLED) ) )
#error "POLARSSL_ECP_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ENTROPY_C) && (!defined(POLARSSL_SHA512_C) && \
!defined(POLARSSL_SHA256_C))
#error "POLARSSL_ENTROPY_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SHA512_C) && \
defined(CTR_DRBG_ENTROPY_LEN) && (CTR_DRBG_ENTROPY_LEN > 64)
#error "CTR_DRBG_ENTROPY_LEN value too high"
#endif
#if defined(POLARSSL_ENTROPY_C) && \
( !defined(POLARSSL_SHA512_C) || defined(POLARSSL_ENTROPY_FORCE_SHA256) ) \
&& defined(CTR_DRBG_ENTROPY_LEN) && (CTR_DRBG_ENTROPY_LEN > 32)
#error "CTR_DRBG_ENTROPY_LEN value too high"
#endif
#if defined(POLARSSL_ENTROPY_C) && \
defined(POLARSSL_ENTROPY_FORCE_SHA256) && !defined(POLARSSL_SHA256_C)
#error "POLARSSL_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
#endif
#if defined(POLARSSL_GCM_C) && ( \
!defined(POLARSSL_AES_C) && !defined(POLARSSL_CAMELLIA_C) )
#error "POLARSSL_GCM_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_HAVEGE_C) && !defined(POLARSSL_TIMING_C)
#error "POLARSSL_HAVEGE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_HMAC_DRBG) && !defined(POLARSSL_MD_C)
#error "POLARSSL_HMAC_DRBG_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_X509_CRT_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_X509_CRT_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(POLARSSL_DHM_C)
#error "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
!defined(POLARSSL_ECDH_C)
#error "POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
!defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
!defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) && \
( !defined(POLARSSL_PLATFORM_C) || !defined(POLARSSL_PLATFORM_MEMORY) )
#error "POLARSSL_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PADLOCK_C) && !defined(POLARSSL_HAVE_ASM)
#error "POLARSSL_PADLOCK_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PBKDF2_C) && !defined(POLARSSL_MD_C)
#error "POLARSSL_PBKDF2_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PEM_PARSE_C) && !defined(POLARSSL_BASE64_C)
#error "POLARSSL_PEM_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PEM_WRITE_C) && !defined(POLARSSL_BASE64_C)
#error "POLARSSL_PEM_WRITE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PK_PARSE_C) && !defined(POLARSSL_PK_C)
#error "POLARSSL_PK_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PK_WRITE_C) && !defined(POLARSSL_PK_C)
#error "POLARSSL_PK_WRITE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PKCS11_C) && !defined(POLARSSL_PK_C)
#error "POLARSSL_PKCS11_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_RSA_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) )
#error "POLARSSL_RSA_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_PKCS1_V21) )
#error "POLARSSL_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_PROTO_SSL3) && ( !defined(POLARSSL_MD5_C) || \
!defined(POLARSSL_SHA1_C) )
#error "POLARSSL_SSL_PROTO_SSL3 defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_PROTO_TLS1) && ( !defined(POLARSSL_MD5_C) || \
!defined(POLARSSL_SHA1_C) )
#error "POLARSSL_SSL_PROTO_TLS1 defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_PROTO_TLS1_1) && ( !defined(POLARSSL_MD5_C) || \
!defined(POLARSSL_SHA1_C) )
#error "POLARSSL_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_PROTO_TLS1_2) && ( !defined(POLARSSL_SHA1_C) && \
!defined(POLARSSL_SHA256_C) && !defined(POLARSSL_SHA512_C) )
#error "POLARSSL_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_CLI_C) && !defined(POLARSSL_SSL_TLS_C)
#error "POLARSSL_SSL_CLI_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_TLS_C) && ( !defined(POLARSSL_CIPHER_C) || \
!defined(POLARSSL_MD_C) )
#error "POLARSSL_SSL_TLS_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_SRV_C) && !defined(POLARSSL_SSL_TLS_C)
#error "POLARSSL_SSL_SRV_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_TLS_C) && (!defined(POLARSSL_SSL_PROTO_SSL3) && \
!defined(POLARSSL_SSL_PROTO_TLS1) && !defined(POLARSSL_SSL_PROTO_TLS1_1) && \
!defined(POLARSSL_SSL_PROTO_TLS1_2))
#error "POLARSSL_SSL_TLS_C defined, but no protocols are active"
#endif
#if defined(POLARSSL_SSL_TLS_C) && (defined(POLARSSL_SSL_PROTO_SSL3) && \
defined(POLARSSL_SSL_PROTO_TLS1_1) && !defined(POLARSSL_SSL_PROTO_TLS1))
#error "Illegal protocol selection"
#endif
#if defined(POLARSSL_SSL_TLS_C) && (defined(POLARSSL_SSL_PROTO_TLS1) && \
defined(POLARSSL_SSL_PROTO_TLS1_2) && !defined(POLARSSL_SSL_PROTO_TLS1_1))
#error "Illegal protocol selection"
#endif
#if defined(POLARSSL_SSL_TLS_C) && (defined(POLARSSL_SSL_PROTO_SSL3) && \
defined(POLARSSL_SSL_PROTO_TLS1_2) && (!defined(POLARSSL_SSL_PROTO_TLS1) || \
!defined(POLARSSL_SSL_PROTO_TLS1_1)))
#error "Illegal protocol selection"
#endif
#if defined(POLARSSL_SSL_SESSION_TICKETS) && defined(POLARSSL_SSL_TLS_C) && \
( !defined(POLARSSL_AES_C) || !defined(POLARSSL_SHA256_C) || \
!defined(POLARSSL_CIPHER_MODE_CBC) )
#error "POLARSSL_SSL_SESSION_TICKETS_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) && \
!defined(POLARSSL_X509_CRT_PARSE_C)
#error "POLARSSL_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
#endif
#if defined(POLARSSL_THREADING_PTHREAD)
#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL)
#error "POLARSSL_THREADING_PTHREAD defined, but not all prerequisites"
#endif
#define POLARSSL_THREADING_IMPL
#endif
#if defined(POLARSSL_THREADING_ALT)
#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL)
#error "POLARSSL_THREADING_ALT defined, but not all prerequisites"
#endif
#define POLARSSL_THREADING_IMPL
#endif
#if defined(POLARSSL_THREADING_C) && !defined(POLARSSL_THREADING_IMPL)
#error "POLARSSL_THREADING_C defined, single threading implementation required"
#endif
#undef POLARSSL_THREADING_IMPL
#if defined(POLARSSL_VERSION_FEATURES) && !defined(POLARSSL_VERSION_C)
#error "POLARSSL_VERSION_FEATURES defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_USE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_PARSE_C) || \
!defined(POLARSSL_PK_PARSE_C) )
#error "POLARSSL_X509_USE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CREATE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_WRITE_C) || \
!defined(POLARSSL_PK_WRITE_C) )
#error "POLARSSL_X509_CREATE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
#error "POLARSSL_X509_CRT_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CRL_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
#error "POLARSSL_X509_CRL_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CSR_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
#error "POLARSSL_X509_CSR_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CRT_WRITE_C) && ( !defined(POLARSSL_X509_CREATE_C) )
#error "POLARSSL_X509_CRT_WRITE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CSR_WRITE_C) && ( !defined(POLARSSL_X509_CREATE_C) )
#error "POLARSSL_X509_CSR_WRITE_C defined, but not all prerequisites"
#endif
#endif /* POLARSSL_CHECK_CONFIG_H */
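Review bot: The HMAC-DRBG prerequisite guard `#if defined(POLARSSL_HMAC_DRBG) && !defined(POLARSSL_MD_C)` tests a macro that appears nowhere else in this header; the module switch is spelled `POLARSSL_HMAC_DRBG_C` both in the ECDSA_DETERMINISTIC check above it and in this guard's own #error text, so the check can never fire and a config that enables HMAC_DRBG without MD_C fails inside the module instead of here with a clear message. The condition should be `#if defined(POLARSSL_HMAC_DRBG_C) && !defined(POLARSSL_MD_C)`. There also seems to be no guard for the new CCM module: ccm.h includes cipher.h and cipher.h registers only AES and Camellia CCM variants, so a check parallel to the GCM one (`POLARSSL_CCM_C` requiring `POLARSSL_CIPHER_C` and at least one of `POLARSSL_AES_C`/`POLARSSL_CAMELLIA_C`) is presumably missing — confirm against ccm.c, which is not in view. Both are upstream defects in a vendored header, so they are best reported upstream or kept as a recorded local patch rather than edited in place.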


@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -30,9 +30,13 @@
#ifndef POLARSSL_CIPHER_H
#define POLARSSL_CIPHER_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_GCM_C)
#if defined(POLARSSL_GCM_C) || defined(POLARSSL_CCM_C)
#define POLARSSL_CIPHER_MODE_AEAD
#endif
@ -57,6 +61,9 @@
#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 /**< Decryption of block requires a full block. */
#define POLARSSL_ERR_CIPHER_AUTH_FAILED -0x6300 /**< Authentication failed (for AEAD modes). */
#define POLARSSL_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length */
#define POLARSSL_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length */
#ifdef __cplusplus
extern "C" {
#endif
@ -116,6 +123,12 @@ typedef enum {
POLARSSL_CIPHER_BLOWFISH_CFB64,
POLARSSL_CIPHER_BLOWFISH_CTR,
POLARSSL_CIPHER_ARC4_128,
POLARSSL_CIPHER_AES_128_CCM,
POLARSSL_CIPHER_AES_192_CCM,
POLARSSL_CIPHER_AES_256_CCM,
POLARSSL_CIPHER_CAMELLIA_128_CCM,
POLARSSL_CIPHER_CAMELLIA_192_CCM,
POLARSSL_CIPHER_CAMELLIA_256_CCM,
} cipher_type_t;
typedef enum {
@ -123,10 +136,11 @@ typedef enum {
POLARSSL_MODE_ECB,
POLARSSL_MODE_CBC,
POLARSSL_MODE_CFB,
POLARSSL_MODE_OFB,
POLARSSL_MODE_OFB, /* Unused! */
POLARSSL_MODE_CTR,
POLARSSL_MODE_GCM,
POLARSSL_MODE_STREAM,
POLARSSL_MODE_CCM,
} cipher_mode_t;
typedef enum {
@ -172,26 +186,31 @@ typedef struct {
const unsigned char *input, unsigned char *output );
/** Encrypt using CBC */
int (*cbc_func)( void *ctx, operation_t mode, size_t length, unsigned char *iv,
const unsigned char *input, unsigned char *output );
int (*cbc_func)( void *ctx, operation_t mode, size_t length,
unsigned char *iv, const unsigned char *input,
unsigned char *output );
/** Encrypt using CFB (Full length) */
int (*cfb_func)( void *ctx, operation_t mode, size_t length, size_t *iv_off,
unsigned char *iv, const unsigned char *input, unsigned char *output );
unsigned char *iv, const unsigned char *input,
unsigned char *output );
/** Encrypt using CTR */
int (*ctr_func)( void *ctx, size_t length, size_t *nc_off, unsigned char *nonce_counter,
unsigned char *stream_block, const unsigned char *input, unsigned char *output );
int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output );
/** Encrypt using STREAM */
int (*stream_func)( void *ctx, size_t length,
const unsigned char *input, unsigned char *output );
/** Set key for encryption purposes */
int (*setkey_enc_func)( void *ctx, const unsigned char *key, unsigned int key_length);
int (*setkey_enc_func)( void *ctx, const unsigned char *key,
unsigned int key_length );
/** Set key for decryption purposes */
int (*setkey_dec_func)( void *ctx, const unsigned char *key, unsigned int key_length);
int (*setkey_dec_func)( void *ctx, const unsigned char *key,
unsigned int key_length);
/** Allocate a new context */
void * (*ctx_alloc_func)( void );
@ -222,8 +241,8 @@ typedef struct {
* For cipher that accept many sizes: recommended size */
unsigned int iv_size;
/** Flag for ciphers that accept many sizes of IV/NONCE */
int accepts_variable_iv_size;
/** Flags for variable IV size, variable key size, etc. */
int flags;
/** block size, in bytes */
unsigned int block_size;
@ -312,16 +331,32 @@ const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
int key_length,
const cipher_mode_t mode );
/**
* \brief Initialize a cipher_context (as NONE)
*/
void cipher_init( cipher_context_t *ctx );
/**
* \brief Free and clear the cipher-specific context of ctx.
* Freeing ctx itself remains the responsibility of the
* caller.
*/
void cipher_free( cipher_context_t *ctx );
/**
* \brief Initialises and fills the cipher context structure with
* the appropriate values.
*
* \note Currently also clears structure. In future versions you
* will be required to call cipher_init() on the structure
* first.
*
* \param ctx context to initialise. May not be NULL.
* \param cipher_info cipher to use.
*
* \return \c 0 on success,
* \c POLARSSL_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
* \c POLARSSL_ERR_CIPHER_ALLOC_FAILED if allocation of the
* \return 0 on success,
* POLARSSL_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
* POLARSSL_ERR_CIPHER_ALLOC_FAILED if allocation of the
* cipher-specific context failed.
*/
int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info );
@ -330,10 +365,11 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info );
* \brief Free the cipher-specific context of ctx. Freeing ctx
* itself remains the responsibility of the caller.
*
* \note Deprecated: Redirects to cipher_free()
*
* \param ctx Free the cipher-specific context
*
* \returns 0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if
* parameter verification fails.
* \returns 0
*/
int cipher_free_ctx( cipher_context_t *ctx );
@ -470,8 +506,8 @@ static inline operation_t cipher_get_operation( const cipher_context_t *ctx )
* parameter verification fails or a cipher specific
* error code.
*/
int cipher_setkey( cipher_context_t *ctx, const unsigned char *key, int key_length,
const operation_t operation );
int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
int key_length, const operation_t operation );
#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
/**
@ -497,7 +533,7 @@ int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode );
* \param iv_len IV length for ciphers with variable-size IV;
* discarded by ciphers with fixed-size IV.
*
* \returns O on success, or POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
* \returns 0 on success, or POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
*
* \note Some ciphers don't use IVs nor NONCE. For these
* ciphers, this function has no effect.
@ -515,25 +551,21 @@ int cipher_set_iv( cipher_context_t *ctx,
*/
int cipher_reset( cipher_context_t *ctx );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
/**
* \brief Add additional data (for AEAD ciphers).
* This function has no effect for non-AEAD ciphers.
* For AEAD ciphers, it may or may not be called
* repeatedly, and/or interleaved with calls to
* cipher_udpate(), depending on the cipher.
* E.g. for GCM is must be called exactly once, right
* after cipher_reset().
* Currently only supported with GCM.
* Must be called exactly once, after cipher_reset().
*
* \param ctx generic cipher context
* \param ad Additional data to use.
* \param ad_len Length of ad.
*
* \returns 0 on success, or a specific error code.
* \return 0 on success, or a specific error code.
*/
int cipher_update_ad( cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif /* POLARSSL_GCM_C */
/**
* \brief Generic cipher update function. Encrypts/decrypts
@ -564,8 +596,8 @@ int cipher_update_ad( cipher_context_t *ctx,
* function, except the last one before cipher_finish(),
* must have ilen a multiple of the block size.
*/
int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen );
int cipher_update( cipher_context_t *ctx, const unsigned char *input,
size_t ilen, unsigned char *output, size_t *olen );
/**
* \brief Generic cipher finalisation function. If data still
@ -587,10 +619,10 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
int cipher_finish( cipher_context_t *ctx,
unsigned char *output, size_t *olen );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
/**
* \brief Write tag for AEAD ciphers.
* No effect for other ciphers.
* Currently only supported with GCM.
* Must be called after cipher_finish().
*
* \param ctx Generic cipher context
@ -604,9 +636,8 @@ int cipher_write_tag( cipher_context_t *ctx,
/**
* \brief Check tag for AEAD ciphers.
* No effect for other ciphers.
* Calling time depends on the cipher:
* for GCM, must be called after cipher_finish().
* Currently only supported with GCM.
* Must be called after cipher_finish().
*
* \param ctx Generic cipher context
* \param tag Buffer holding the tag
@ -616,6 +647,103 @@ int cipher_write_tag( cipher_context_t *ctx,
*/
int cipher_check_tag( cipher_context_t *ctx,
const unsigned char *tag, size_t tag_len );
#endif /* POLARSSL_GCM_C */
/**
* \brief Generic all-in-one encryption/decryption
* (for all ciphers except AEAD constructs).
*
* \param ctx generic cipher context
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
* \param iv_len IV length for ciphers with variable-size IV;
* discarded by ciphers with fixed-size IV.
* \param input buffer holding the input data
* \param ilen length of the input data
* \param output buffer for the output data. Should be able to hold at
* least ilen + block_size. Cannot be the same buffer as
* input!
* \param olen length of the output data, will be filled with the
* actual number of bytes written.
*
* \note Some ciphers don't use IVs nor NONCE. For these
* ciphers, use iv = NULL and iv_len = 0.
*
* \returns 0 on success, or
* POLARSSL_ERR_CIPHER_BAD_INPUT_DATA, or
* POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
* expected a full block but was not provided one, or
* POLARSSL_ERR_CIPHER_INVALID_PADDING on invalid padding
* while decrypting, or
* a cipher specific error code.
*/
int cipher_crypt( cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen );
#if defined(POLARSSL_CIPHER_MODE_AEAD)
/**
* \brief Generic autenticated encryption (AEAD ciphers).
*
* \param ctx generic cipher context
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
* \param iv_len IV length for ciphers with variable-size IV;
* discarded by ciphers with fixed-size IV.
* \param ad Additional data to authenticate.
* \param ad_len Length of ad.
* \param input buffer holding the input data
* \param ilen length of the input data
* \param output buffer for the output data.
* Should be able to hold at least ilen.
* \param olen length of the output data, will be filled with the
* actual number of bytes written.
* \param tag buffer for the authentication tag
* \param tag_len desired tag length
*
* \returns 0 on success, or
* POLARSSL_ERR_CIPHER_BAD_INPUT_DATA, or
* a cipher specific error code.
*/
int cipher_auth_encrypt( cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
unsigned char *tag, size_t tag_len );
/**
* \brief Generic autenticated decryption (AEAD ciphers).
*
* \param ctx generic cipher context
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
* \param iv_len IV length for ciphers with variable-size IV;
* discarded by ciphers with fixed-size IV.
* \param ad Additional data to be authenticated.
* \param ad_len Length of ad.
* \param input buffer holding the input data
* \param ilen length of the input data
* \param output buffer for the output data.
* Should be able to hold at least ilen.
* \param olen length of the output data, will be filled with the
* actual number of bytes written.
* \param tag buffer holding the authentication tag
* \param tag_len length of the authentication tag
*
* \returns 0 on success, or
* POLARSSL_ERR_CIPHER_BAD_INPUT_DATA, or
* POLARSSL_ERR_CIPHER_AUTH_FAILED if data isn't authentic,
* or a cipher specific error code.
*
* \note If the data is not authentic, then the output buffer
* is zeroed out to prevent the unauthentic plaintext to
* be used by mistake, making this interface safer.
*/
int cipher_auth_decrypt( cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
const unsigned char *tag, size_t tag_len );
#endif /* POLARSSL_CIPHER_MODE_AEAD */
/**


@ -29,7 +29,11 @@
#ifndef POLARSSL_CIPHER_WRAP_H
#define POLARSSL_CIPHER_WRAP_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include "cipher.h"
#ifdef __cplusplus


@ -27,7 +27,11 @@
#ifndef POLARSSL_COMPAT_1_2_H
#define POLARSSL_COMPAT_1_2_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
// Comment out to disable prototype change warnings
#define SHOW_PROTOTYPE_CHANGE_WARNINGS
@ -167,7 +171,7 @@ static inline int sha4_self_test( int verbose ) {
#warning "rsa_pkcs1_verify() prototype changed. Manual change required if used"
#warning "rsa_pkcs1_decrypt() prototype changed. Manual change required if used"
#endif
#endif
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_DHM_C)
#if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS)


@ -3,7 +3,7 @@
*
* \brief Configuration options (set of defines)
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -113,6 +113,60 @@
* Comment if your system does not support the IPv6 socket interface
*/
#define POLARSSL_HAVE_IPV6
/**
* \def POLARSSL_PLATFORM_MEMORY
*
* Enable the memory allocation layer.
*
* By default PolarSSL uses the system-provided malloc() and free().
* This allows different allocators (self-implemented or provided) to be
* provided to the platform abstraction layer.
*
* Enabling POLARSSL_PLATFORM_MEMORY will provide "platform_set_malloc_free()"
* to allow you to set an alternative malloc() and free() function pointer.
*
* Requires: POLARSSL_PLATFORM_C
*
* Enable this layer to allow use of alternative memory allocators.
*/
//#define POLARSSL_PLATFORM_MEMORY
/**
* \def POLARSSL_PLATFORM_NO_STD_FUNCTIONS
*
* Do not assign standard functions in the platform layer (e.g. malloc() to
* POLARSSL_PLATFORM_STD_MALLOC and printf() to POLARSSL_PLATFORM_STD_PRINTF)
*
* This makes sure there are no linking errors on platforms that do not support
* these functions. You will HAVE to provide alternatives, either at runtime
* via the platform_set_xxx() functions or at compile time by setting
* the POLARSSL_PLATFORM_STD_XXX defines.
*
* Requires: POLARSSL_PLATFORM_C
*
* Uncomment to prevent default assignment of standard functions in the
* platform layer.
*/
//#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS
/**
* \def POLARSSL_PLATFORM_XXX_ALT
*
* Uncomment a macro to let PolarSSL support the function in the platform
* abstraction layer.
*
* Example: In case you uncomment POLARSSL_PLATFORM_PRINTF_ALT, PolarSSL will
* provide a function "platform_set_printf()" that allows you to set an
* alternative printf function pointer.
*
* All these define require POLARSSL_PLATFORM_C to be defined!
*
* Uncomment a macro to enable alternate implementation of specific base
* platform function
*/
//#define POLARSSL_PLATFORM_PRINTF_ALT
//#define POLARSSL_PLATFORM_FPRINTF_ALT
/* \} name SECTION: System support */
/**
@ -123,6 +177,19 @@
* \{
*/
/**
* \def POLARSSL_TIMING_ALT
*
* Uncomment to provide your own alternate implementation for hardclock(),
* get_timer(), set_alarm() and m_sleep().
*
* Only works if you have POLARSSL_TIMING_C enabled.
*
* You will need to provide a header "timing_alt.h" and an implementation at
* compile time.
*/
//#define POLARSSL_TIMING_ALT
/**
* \def POLARSSL_XXX_ALT
*
@ -214,8 +281,8 @@
* TLS_PSK_WITH_NULL_SHA
*
* Uncomment this macro to enable the NULL cipher and ciphersuites
#define POLARSSL_CIPHER_NULL_CIPHER
*/
//#define POLARSSL_CIPHER_NULL_CIPHER
/**
* \def POLARSSL_CIPHER_PADDING_XXX
@ -244,8 +311,21 @@
* TLS_DHE_RSA_WITH_DES_CBC_SHA
*
* Uncomment this macro to enable weak ciphersuites
#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
*/
//#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
/**
* \def POLARSSL_REMOVE_ARC4_CIPHERSUITES
*
* Remove RC4 ciphersuites by default in SSL / TLS.
* This flag removes the ciphersuites based on RC4 from the default list as
* returned by ssl_list_ciphersuites(). However, it is still possible to
* enable (some of) them with ssl_set_ciphersuites() by including them
* explicitly.
*
* Uncomment this macro to remove RC4 ciphersuites by default.
*/
//#define POLARSSL_REMOVE_ARC4_CIPHERSUITES
/**
* \def POLARSSL_ECP_XXXX_ENABLED
@ -290,7 +370,7 @@
* may result in a compromise of the long-term signing key. This is avoided by
* the deterministic variant.
*
* Requires: POLARSSL_MD_C
* Requires: POLARSSL_HMAC_DRBG_C
*
* Comment this macro to disable deterministic ECDSA.
*/
@ -538,12 +618,29 @@
*/
#define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
/**
* \def POLARSSL_PK_PARSE_EC_EXTENDED
*
* Enhance support for reading EC keys using variants of SEC1 not allowed by
* RFC 5915 and RFC 5480.
*
* Currently this means parsing the SpecifiedECDomain choice of EC
* parameters (only known groups are supported, not arbitrary domains, to
* avoid validation issues).
*
* Disable if you only need to support RFC 5915 + 5480 key formats.
*/
#define POLARSSL_PK_PARSE_EC_EXTENDED
/**
* \def POLARSSL_ERROR_STRERROR_BC
*
* Make available the backward compatible error_strerror() next to the
* current polarssl_strerror().
*
* For new code, it is recommended to use polarssl_strerror() instead and
* disable this.
*
* Disable if you run into name conflicts and want to really remove the
* error_strerror()
*/
@ -553,7 +650,11 @@
* \def POLARSSL_ERROR_STRERROR_DUMMY
*
* Enable a dummy error function to make use of polarssl_strerror() in
* third party libraries easier.
* third party libraries easier when POLARSSL_ERROR_C is disabled
* (no effect when POLARSSL_ERROR_C is enabled).
*
* You can safely disable this if POLARSSL_ERROR_C is enabled, or if you're
* not using polarssl_strerror() or error_strerror() in your application.
*
* Disable if you run into name conflicts and want to really remove the
* polarssl_strerror()
@ -600,6 +701,22 @@
*/
//#define POLARSSL_NO_PLATFORM_ENTROPY
/**
* \def POLARSSL_ENTROPY_FORCE_SHA256
*
* Force the entropy accumulator to use a SHA-256 accumulator instead of the
* default SHA-512 based one (if both are available).
*
* Requires: POLARSSL_SHA256_C
*
* On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
* if you have performance concerns.
*
* This option is only useful if both POLARSSL_SHA256_C and
* POLARSSL_SHA512_C are defined. Otherwise the available hash module is used.
*/
//#define POLARSSL_ENTROPY_FORCE_SHA256
/**
* \def POLARSSL_MEMORY_DEBUG
*
@ -608,7 +725,6 @@
* function for 'debug output' of allocated memory.
*
* Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
* fprintf()
*
* Uncomment this macro to let the buffer allocator print out error messages.
*/
@ -782,6 +898,16 @@
*/
#define POLARSSL_SSL_PROTO_TLS1_2
/**
* \def POLARSSL_SSL_ALPN
*
* Enable support for Application Layer Protocol Negotiation.
* draft-ietf-tls-applayerprotoneg-05
*
* Comment this macro to disable support for ALPN.
*/
#define POLARSSL_SSL_ALPN
/**
* \def POLARSSL_SSL_SESSION_TICKETS
*
@ -813,6 +939,20 @@
*/
#define POLARSSL_SSL_TRUNCATED_HMAC
/**
* \def POLARSSL_SSL_SET_CURVES
*
* Enable ssl_set_curves().
*
* This is disabled by default since it breaks binary compatibility with the
* 1.3.x line. If you choose to enable it, you will need to rebuild your
* application against the new header files, relinking will not be enough.
* It will be enabled by default, or no longer an option, in the 1.4 branch.
*
* Uncomment to make ssl_set_curves() available.
*/
//#define POLARSSL_SSL_SET_CURVES
/**
* \def POLARSSL_THREADING_ALT
*
@ -835,6 +975,19 @@
*/
//#define POLARSSL_THREADING_PTHREAD
/**
* \def POLARSSL_VERSION_FEATURES
*
* Allow run-time checking of compile-time enabled features. Thus allowing users
* to check at run-time if the library is for instance compiled with threading
* support via version_check_feature().
*
* Requires: POLARSSL_VERSION_C
*
* Comment this to disable run-time checking and save ROM space
*/
#define POLARSSL_VERSION_FEATURES
/**
* \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
*
@ -855,12 +1008,53 @@
*/
//#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
/**
* \def POLARSSL_X509_CHECK_KEY_USAGE
*
* Enable verification of the keyUsage extension (CA and leaf certificates).
*
* Disabling this avoids problems with mis-issued and/or misused
* (intermediate) CA and leaf certificates.
*
* \warning Depending on your PKI use, disabling this can be a security risk!
*
* Comment to skip keyUsage checking for both CA and leaf certificates.
*/
#define POLARSSL_X509_CHECK_KEY_USAGE
/**
* \def POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
*
* Enable verification of the extendedKeyUsage extension (leaf certificates).
*
* Disabling this avoids problems with mis-issued and/or misused certificates.
*
* \warning Depending on your PKI use, disabling this can be a security risk!
*
* Comment to skip extendedKeyUsage checking for certificates.
*/
#define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
/**
* \def POLARSSL_X509_RSASSA_PSS_SUPPORT
*
* Enable parsing and verification of X.509 certificates, CRLs and CSRS
* signed with RSASSA-PSS (aka PKCS#1 v2.1).
*
* Comment this macro to disallow using RSASSA-PSS in certificates.
*/
#define POLARSSL_X509_RSASSA_PSS_SUPPORT
/**
* \def POLARSSL_ZLIB_SUPPORT
*
* If set, the SSL/TLS module uses ZLIB to support compression and
* decompression of packet data.
*
* \warning TLS-level compression MAY REDUCE SECURITY! See for example the
* CRIME attack. Before enabling this option, you should examine with care if
* CRIME or similar exploits may be a applicable to your use case.
*
* Used in: library/ssl_tls.c
* library/ssl_cli.c
* library/ssl_srv.c
@ -1039,10 +1233,11 @@
* Module: library/bignum.c
* Caller: library/dhm.c
* library/ecp.c
* library/ecdsa.c
* library/rsa.c
* library/ssl_tls.c
*
* This module is required for RSA and DHM support.
* This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
*/
#define POLARSSL_BIGNUM_C
@ -1110,6 +1305,20 @@
*/
#define POLARSSL_CAMELLIA_C
/**
* \def POLARSSL_CCM_C
*
* Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
*
* Module: library/ccm.c
*
* Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
*
* This module enables the AES-CCM ciphersuites, if other requisites are
* enabled as well.
*/
#define POLARSSL_CCM_C
/**
* \def POLARSSL_CERTS_C
*
@ -1256,7 +1465,7 @@
* Module: library/entropy.c
* Caller:
*
* Requires: POLARSSL_SHA512_C
* Requires: POLARSSL_SHA512_C or POLARSSL_SHA256_C
*
* This module provides a generic entropy pool
*/
@ -1270,7 +1479,7 @@
* Module: library/error.c
* Caller:
*
* This module enables err_strerror().
* This module enables polarssl_strerror().
*/
#define POLARSSL_ERROR_C
@ -1311,6 +1520,20 @@
*/
//#define POLARSSL_HAVEGE_C
/**
* \def POLARSSL_HMAC_DRBG_C
*
* Enable the HMAC_DRBG random generator.
*
* Module: library/hmac_drbg.c
* Caller:
*
* Requires: POLARSSL_MD_C
*
* Uncomment to enable the HMAC_DRBG random number geerator.
*/
#define POLARSSL_HMAC_DRBG_C
/**
* \def POLARSSL_MD_C
*
@ -1364,15 +1587,7 @@
/**
* \def POLARSSL_MEMORY_C
*
* Enable the memory allocation layer.
* By default PolarSSL uses the system-provided malloc() and free().
* (As long as POLARSSL_MEMORY_STDMALLOC and POLARSSL_MEMORY_STDFREE
* are defined and unmodified)
*
* This allows different allocators (self-implemented or provided)
*
* Enable this layer to allow use of alternative memory allocators.
* Deprecated since 1.3.5. Please use POLARSSL_PLATFORM_MEMORY instead.
*/
//#define POLARSSL_MEMORY_C
@ -1385,7 +1600,8 @@
*
* Module: library/memory_buffer_alloc.c
*
* Requires: POLARSSL_MEMORY_C
* Requires: POLARSSL_PLATFORM_C
* POLARSSL_PLATFORM_MEMORY (to use it within PolarSSL)
*
* Enable this module to enable the buffer memory allocator.
*/
@ -1576,6 +1792,19 @@
*/
#define POLARSSL_PKCS12_C
/**
* \def POLARSSL_PLATFORM_C
*
* Enable the platform abstraction layer that allows you to re-assign
* functions like malloc(), free(), printf(), fprintf()
*
* Module: library/platform.c
* Caller: Most other .c files
*
* This module enables abstraction of common (libc) functions.
*/
#define POLARSSL_PLATFORM_C
/**
* \def POLARSSL_RIPEMD160_C
*
@ -1873,329 +2102,79 @@
* This section allows for the setting of module specific sizes and
* configuration options. The default values are already present in the
* relevant header files and should suffice for the regular use cases.
* Our advice is to enable POLARSSL_CONFIG_OPTIONS and change values here
* only if you have a good reason and know the consequences.
*
* If POLARSSL_CONFIG_OPTIONS is undefined here the options in the module
* header file take precedence.
* Our advice is to enable options and change their values here
* only if you have a good reason and know the consequences.
*
* Please check the respective header file for documentation on these
* parameters (to prevent duplicate documentation).
*
* Uncomment POLARSSL_CONFIG_OPTIONS to enable using the values defined here.
* \{
*/
//#define POLARSSL_CONFIG_OPTIONS /**< Enable config.h module value configuration */
#if defined(POLARSSL_CONFIG_OPTIONS)
/* MPI / BIGNUM options */
//#define POLARSSL_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
//#define POLARSSL_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
// MPI / BIGNUM options
//
#define POLARSSL_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
#define POLARSSL_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
/* CTR_DRBG options */
//#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
//#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
//#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
//#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
//#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
// CTR_DRBG options
//
#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
/* HMAC_DRBG options */
//#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
//#define POLARSSL_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
//#define POLARSSL_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
//#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
// ECP options
//
#define POLARSSL_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
#define POLARSSL_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
#define POLARSSL_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
/* ECP options */
//#define POLARSSL_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
//#define POLARSSL_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
//#define POLARSSL_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
// Entropy options
//
#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
/* Entropy options */
//#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
//#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
// Memory options
#define MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
#define POLARSSL_MEMORY_STDMALLOC malloc /**< Default allocator to use, can be undefined */
#define POLARSSL_MEMORY_STDFREE free /**< Default free to use, can be undefined */
/* Memory buffer allocator options */
//#define POLARSSL_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
// SSL Cache options
//
#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
/* Platform options */
//#define POLARSSL_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
//#define POLARSSL_PLATFORM_STD_MALLOC malloc /**< Default allocator to use, can be undefined */
//#define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
//#define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
//#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
// SSL options
//
#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
/* SSL Cache options */
//#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
//#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
#endif /* POLARSSL_CONFIG_OPTIONS */
/* SSL options */
//#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
//#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
//#define POLARSSL_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
/* \} name */
/*
* Sanity checks on defines and dependencies
/**
* Complete list of ciphersuites to use, in order of preference.
*
* \warning No dependency checking is done on that field! This option can only
* be used to restrict the set of available ciphersuites. It is your
* responsibility to make sure the needed modules are active.
*
* Use this to save a few hundred bytes of ROM (default ordering of all
* available ciphersuites) and a few to a few hundred bytes of RAM.
*
* The value below is only an example, not the default.
*/
#if defined(POLARSSL_AESNI_C) && !defined(POLARSSL_HAVE_ASM)
#error "POLARSSL_AESNI_C defined, but not all prerequisites"
#endif
//#define SSL_CIPHERSUITES TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
#if defined(POLARSSL_CERTS_C) && !defined(POLARSSL_PEM_PARSE_C)
#error "POLARSSL_CERTS_C defined, but not all prerequisites"
#endif
/* Debug options */
//#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */
#if defined(POLARSSL_CTR_DRBG_C) && !defined(POLARSSL_AES_C)
#error "POLARSSL_CTR_DRBG_C defined, but not all prerequisites"
#endif
/* \} name SECTION: Module configuration options */
#if defined(POLARSSL_DHM_C) && !defined(POLARSSL_BIGNUM_C)
#error "POLARSSL_DHM_C defined, but not all prerequisites"
#endif
#include "check_config.h"
#if defined(POLARSSL_ECDH_C) && !defined(POLARSSL_ECP_C)
#error "POLARSSL_ECDH_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ECDSA_C) && \
( !defined(POLARSSL_ECP_C) || \
!defined(POLARSSL_ASN1_PARSE_C) || \
!defined(POLARSSL_ASN1_WRITE_C) )
#error "POLARSSL_ECDSA_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ECDSA_DETERMINISTIC) && !defined(POLARSSL_MD_C)
#error "POLARSSL_ECDSA_DETERMINISTIC defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ECP_C) && ( !defined(POLARSSL_BIGNUM_C) || ( \
!defined(POLARSSL_ECP_DP_SECP192R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP224R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP256R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP384R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_SECP521R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_BP256R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_BP384R1_ENABLED) && \
!defined(POLARSSL_ECP_DP_BP512R1_ENABLED) ) )
#error "POLARSSL_ECP_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ENTROPY_C) && (!defined(POLARSSL_SHA512_C) && \
!defined(POLARSSL_SHA256_C))
#error "POLARSSL_ENTROPY_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SHA512_C) && \
defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 64)
#error "CTR_DRBG_ENTROPY_LEN value too high"
#endif
#if defined(POLARSSL_ENTROPY_C) && !defined(POLARSSL_SHA512_C) && \
defined(POLARSSL_CONFIG_OPTIONS) && (CTR_DRBG_ENTROPY_LEN > 32)
#error "CTR_DRBG_ENTROPY_LEN value too high"
#endif
#if defined(POLARSSL_GCM_C) && ( \
!defined(POLARSSL_AES_C) && !defined(POLARSSL_CAMELLIA_C) )
#error "POLARSSL_GCM_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_HAVEGE_C) && !defined(POLARSSL_TIMING_C)
#error "POLARSSL_HAVEGE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_X509_CRT_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_X509_CRT_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(POLARSSL_DHM_C)
#error "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
!defined(POLARSSL_ECDH_C)
#error "POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \
!defined(POLARSSL_X509_CRT_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
!defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
!defined(POLARSSL_PKCS1_V15) )
#error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) && !defined(POLARSSL_MEMORY_C)
#error "POLARSSL_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PADLOCK_C) && !defined(POLARSSL_HAVE_ASM)
#error "POLARSSL_PADLOCK_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PBKDF2_C) && !defined(POLARSSL_MD_C)
#error "POLARSSL_PBKDF2_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PEM_PARSE_C) && !defined(POLARSSL_BASE64_C)
#error "POLARSSL_PEM_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PEM_WRITE_C) && !defined(POLARSSL_BASE64_C)
#error "POLARSSL_PEM_WRITE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PK_PARSE_C) && !defined(POLARSSL_PK_C)
#error "POLARSSL_PK_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PK_WRITE_C) && !defined(POLARSSL_PK_C)
#error "POLARSSL_PK_WRITE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_PKCS11_C) && !defined(POLARSSL_PK_C)
#error "POLARSSL_PKCS11_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_RSA_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) )
#error "POLARSSL_RSA_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_PROTO_SSL3) && ( !defined(POLARSSL_MD5_C) || \
!defined(POLARSSL_SHA1_C) )
#error "POLARSSL_SSL_PROTO_SSL3 defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_PROTO_TLS1) && ( !defined(POLARSSL_MD5_C) || \
!defined(POLARSSL_SHA1_C) )
#error "POLARSSL_SSL_PROTO_TLS1 defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_PROTO_TLS1_1) && ( !defined(POLARSSL_MD5_C) || \
!defined(POLARSSL_SHA1_C) )
#error "POLARSSL_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_PROTO_TLS1_2) && ( !defined(POLARSSL_SHA1_C) && \
!defined(POLARSSL_SHA256_C) && !defined(POLARSSL_SHA512_C) )
#error "POLARSSL_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_CLI_C) && !defined(POLARSSL_SSL_TLS_C)
#error "POLARSSL_SSL_CLI_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_TLS_C) && ( !defined(POLARSSL_CIPHER_C) || \
!defined(POLARSSL_MD_C) )
#error "POLARSSL_SSL_TLS_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_SRV_C) && !defined(POLARSSL_SSL_TLS_C)
#error "POLARSSL_SSL_SRV_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_TLS_C) && (!defined(POLARSSL_SSL_PROTO_SSL3) && \
!defined(POLARSSL_SSL_PROTO_TLS1) && !defined(POLARSSL_SSL_PROTO_TLS1_1) && \
!defined(POLARSSL_SSL_PROTO_TLS1_2))
#error "POLARSSL_SSL_TLS_C defined, but no protocols are active"
#endif
#if defined(POLARSSL_SSL_TLS_C) && (defined(POLARSSL_SSL_PROTO_SSL3) && \
defined(POLARSSL_SSL_PROTO_TLS1_1) && !defined(POLARSSL_SSL_PROTO_TLS1))
#error "Illegal protocol selection"
#endif
#if defined(POLARSSL_SSL_TLS_C) && (defined(POLARSSL_SSL_PROTO_TLS1) && \
defined(POLARSSL_SSL_PROTO_TLS1_2) && !defined(POLARSSL_SSL_PROTO_TLS1_1))
#error "Illegal protocol selection"
#endif
#if defined(POLARSSL_SSL_TLS_C) && (defined(POLARSSL_SSL_PROTO_SSL3) && \
defined(POLARSSL_SSL_PROTO_TLS1_2) && (!defined(POLARSSL_SSL_PROTO_TLS1) || \
!defined(POLARSSL_SSL_PROTO_TLS1_1)))
#error "Illegal protocol selection"
#endif
#if defined(POLARSSL_SSL_SESSION_TICKETS) && defined(POLARSSL_SSL_TLS_C) && \
( !defined(POLARSSL_AES_C) || !defined(POLARSSL_SHA256_C) || \
!defined(POLARSSL_CIPHER_MODE_CBC) )
#error "POLARSSL_SSL_SESSION_TICKETS_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_THREADING_PTHREAD)
#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL)
#error "POLARSSL_THREADING_PTHREAD defined, but not all prerequisites"
#endif
#define POLARSSL_THREADING_IMPL
#endif
#if defined(POLARSSL_THREADING_ALT)
#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL)
#error "POLARSSL_THREADING_ALT defined, but not all prerequisites"
#endif
#define POLARSSL_THREADING_IMPL
#endif
#if defined(POLARSSL_THREADING_C) && !defined(POLARSSL_THREADING_IMPL)
#error "POLARSSL_THREADING_C defined, single threading implementation required"
#endif
#undef POLARSSL_THREADING_IMPL
#if defined(POLARSSL_X509_USE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_PARSE_C) || \
!defined(POLARSSL_PK_PARSE_C) )
#error "POLARSSL_X509_USE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CREATE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_WRITE_C) || \
!defined(POLARSSL_PK_WRITE_C) )
#error "POLARSSL_X509_CREATE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
#error "POLARSSL_X509_CRT_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CRL_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
#error "POLARSSL_X509_CRL_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CSR_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
#error "POLARSSL_X509_CSR_PARSE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CRT_WRITE_C) && ( !defined(POLARSSL_X509_CREATE_C) )
#error "POLARSSL_X509_CRT_WRITE_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_X509_CSR_WRITE_C) && ( !defined(POLARSSL_X509_CREATE_C) )
#error "POLARSSL_X509_CSR_WRITE_C defined, but not all prerequisites"
#endif
#endif /* config.h */
#endif /* POLARSSL_CONFIG_H */
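Review bot: The new `POLARSSL_REMOVE_ARC4_CIPHERSUITES` option is left commented out, so `ssl_list_ciphersuites()` keeps offering RC4 suites in the default ordering; if this build only needs the stronger suites, this config.h is the place to enable it (`#define POLARSSL_REMOVE_ARC4_CIPHERSUITES`) or to restrict the list via `SSL_CIPHERSUITES`, and either way a one-line comment recording the choice would help the next updater. The dependency sanity checks that used to end this file are replaced by `#include "check_config.h"`, which is not part of this diff, so I cannot confirm that the old `CTR_DRBG_ENTROPY_LEN value too high` guard survived the removal of `POLARSSL_CONFIG_OPTIONS`; worth checking before relying on an overridden entropy length. The text for `POLARSSL_X509_CHECK_KEY_USAGE` ("Disabling this avoids problems with mis-issued and/or misused ... certificates") is easy to read as recommending the unsafe setting; wording such as `Disabling this avoids interoperability problems with mis-issued certificates, at the cost of no longer rejecting misused ones` would match the \warning that follows. `geerator` in the `POLARSSL_HMAC_DRBG_C` entry is a typo.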


@ -3,7 +3,7 @@
*
* \brief CTR_DRBG based on AES-256 (NIST SP 800-90)
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -42,17 +42,39 @@
#define CTR_DRBG_SEEDLEN ( CTR_DRBG_KEYSIZE + CTR_DRBG_BLOCKSIZE )
/**< The seed length (counter + AES key) */
#if !defined(POLARSSL_CONFIG_OPTIONS)
#if defined(POLARSSL_SHA512_C)
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line.
* \{
*/
#if !defined(CTR_DRBG_ENTROPY_LEN)
#if defined(POLARSSL_SHA512_C) && !defined(POLARSSL_ENTROPY_FORCE_SHA256)
#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
#else
#define CTR_DRBG_ENTROPY_LEN 32 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
#endif
#endif
#if !defined(CTR_DRBG_RESEED_INTERVAL)
#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
#endif
#if !defined(CTR_DRBG_MAX_INPUT)
#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
#endif
#if !defined(CTR_DRBG_MAX_REQUEST)
#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
#endif
#if !defined(CTR_DRBG_MAX_SEED_INPUT)
#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
#endif /* !POLARSSL_CONFIG_OPTIONS */
#endif
/* \} name SECTION: Module settings */
#define CTR_DRBG_PR_OFF 0 /**< No prediction resistance */
#define CTR_DRBG_PR_ON 1 /**< Prediction resistance enabled */
@ -70,7 +92,8 @@ typedef struct
int reseed_counter; /*!< reseed counter */
int prediction_resistance; /*!< enable prediction resistance (Automatic
reseed before every random generation) */
size_t entropy_len; /*!< amount of entropy grabbed on each (re)seed */
size_t entropy_len; /*!< amount of entropy grabbed on each
(re)seed */
int reseed_interval; /*!< reseed interval */
aes_context aes_ctx; /*!< AES context */
@ -107,6 +130,13 @@ int ctr_drbg_init( ctr_drbg_context *ctx,
const unsigned char *custom,
size_t len );
/**
* \brief Clear CTR_CRBG context data
*
* \param ctx CTR_DRBG context to clear
*/
void ctr_drbg_free( ctr_drbg_context *ctx );
/**
* \brief Enable / disable prediction resistance (Default: Off)
*
@ -204,7 +234,8 @@ int ctr_drbg_random( void *p_rng,
* \param ctx CTR_DRBG context
* \param path Name of the file
*
* \return 0 if successful, 1 on file error, or
* \return 0 if successful,
* POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
* POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
*/
int ctr_drbg_write_seed_file( ctr_drbg_context *ctx, const char *path );
@ -216,12 +247,13 @@ int ctr_drbg_write_seed_file( ctr_drbg_context *ctx, const char *path );
* \param ctx CTR_DRBG context
* \param path Name of the file
*
* \return 0 if successful, 1 on file error,
* \return 0 if successful,
* POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
* POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
* POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG
*/
int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path );
#endif
#endif /* POLARSSL_FS_IO */
/**
* \brief Checkup routine
@ -231,7 +263,9 @@ int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path );
int ctr_drbg_self_test( int verbose );
/* Internal functions (do not call directly) */
int ctr_drbg_init_entropy_len( ctr_drbg_context *, int (*)(void *, unsigned char *, size_t), void *, const unsigned char *, size_t, size_t );
int ctr_drbg_init_entropy_len( ctr_drbg_context *,
int (*)(void *, unsigned char *, size_t), void *,
const unsigned char *, size_t, size_t );
#ifdef __cplusplus
}


@ -27,7 +27,11 @@
#ifndef POLARSSL_DEBUG_H
#define POLARSSL_DEBUG_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include "ssl.h"
#if defined(POLARSSL_ECP_C)
#include "ecp.h"
@ -35,6 +39,24 @@
#if defined(POLARSSL_DEBUG_C)
#define POLARSSL_DEBUG_LOG_FULL 0 /**< Include file:line in log lines */
#define POLARSSL_DEBUG_LOG_RAW 1 /**< Only log raw debug lines */
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line.
* \{
*/
#if !defined(POLARSSL_DEBUG_DFL_MODE)
#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */
#endif
/* \} name SECTION: Module settings */
#define SSL_DEBUG_MSG( level, args ) \
debug_print_msg( ssl, level, __FILE__, __LINE__, debug_fmt args );
@ -59,7 +81,7 @@
debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt );
#endif
#else
#else /* POLARSSL_DEBUG_C */
#define SSL_DEBUG_MSG( level, args ) do { } while( 0 )
#define SSL_DEBUG_RET( level, text, ret ) do { } while( 0 )
@ -68,12 +90,30 @@
#define SSL_DEBUG_ECP( level, text, X ) do { } while( 0 )
#define SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
#endif
#endif /* POLARSSL_DEBUG_C */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Set the log mode for the debug functions globally
* (Default value: POLARSSL_DEBUG_DFL_MODE)
*
* \param log_mode The log mode to use (POLARSSL_DEBUG_LOG_FULL or
* POLARSSL_DEBUG_LOG_RAW)
*/
void debug_set_log_mode( int log_mode );
/**
* \brief Set the level threshold to handle globally. Messages that have a
* level over the threshold value are ignored.
* (Default value: 0 (No debug))
*
* \param threshold maximum level of messages to pass on
*/
void debug_set_threshold( int threshold );
char *debug_fmt( const char *format, ... );
void debug_print_msg( const ssl_context *ssl, int level,
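Review bot: The enabled definition of SSL_DEBUG_MSG at the end of the first hunk expands to a bare `debug_print_msg( ... );` with the semicolon inside the macro, while the disabled definitions in the `#else /* POLARSSL_DEBUG_C */` branch are `do { } while( 0 )`; the two are not interchangeable in a statement position such as `if( cond ) SSL_DEBUG_MSG( ... ); else ...`, which compiles in one configuration only. Those macro lines are context rather than part of this update, so it is a point for upstream, not for the vendored copy. The new debug_set_log_mode() and debug_set_threshold() are documented as acting globally but say nothing about concurrent use, and debug_fmt() returns a `char *` with no caller-supplied buffer, so a sentence stating whether these globals and debug_fmt() may be used from several threads would help consumers of the library. The enclosing `#if defined(POLARSSL_DEBUG_C)` region begins before the first hunk.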


@ -3,7 +3,7 @@
*
* \brief DES block cipher
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
#ifndef POLARSSL_DES_H
#define POLARSSL_DES_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <string.h>
@ -73,6 +77,34 @@ typedef struct
}
des3_context;
/**
* \brief Initialize DES context
*
* \param ctx DES context to be initialized
*/
void des_init( des_context *ctx );
/**
* \brief Clear DES context
*
* \param ctx DES context to be cleared
*/
void des_free( des_context *ctx );
/**
* \brief Initialize Triple-DES context
*
* \param ctx DES3 context to be initialized
*/
void des3_init( des3_context *ctx );
/**
* \brief Clear Triple-DES context
*
* \param ctx DES3 context to be cleared
*/
void des3_free( des3_context *ctx );
/**
* \brief Set key parity on the given key to odd.
*
@ -132,7 +164,8 @@ int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] );
*
* \return 0
*/
int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
int des3_set2key_enc( des3_context *ctx,
const unsigned char key[DES_KEY_SIZE * 2] );
/**
* \brief Triple-DES key schedule (112-bit, decryption)
@ -142,7 +175,8 @@ int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE *
*
* \return 0
*/
int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
int des3_set2key_dec( des3_context *ctx,
const unsigned char key[DES_KEY_SIZE * 2] );
/**
* \brief Triple-DES key schedule (168-bit, encryption)
@ -152,7 +186,8 @@ int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE *
*
* \return 0
*/
int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
int des3_set3key_enc( des3_context *ctx,
const unsigned char key[DES_KEY_SIZE * 3] );
/**
* \brief Triple-DES key schedule (168-bit, decryption)
@ -162,7 +197,8 @@ int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE *
*
* \return 0
*/
int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
int des3_set3key_dec( des3_context *ctx,
const unsigned char key[DES_KEY_SIZE * 3] );
/**
* \brief DES-ECB block encryption/decryption
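Review bot: The new des_free() and des3_free() declarations describe their argument only as the context "to be cleared", which leaves open the two things a caller of a cipher context needs to know: whether the key schedule stored in the context is zeroized, and whether the ctx storage itself remains the caller's to release. The matching des_init()/des3_init() say "Initialize" without stating what state results. If the implementation wipes the context, I would word it as `\brief Clear DES context (zeroizes the key schedule; does not free ctx itself)`, and likewise for des3_free(); des.c is not in this section, so confirm before committing to that wording.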


@ -43,6 +43,8 @@
#define POLARSSL_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read/write of file failed. */
/**
* RFC 2409 defines a number of standardized Diffie-Hellman groups
* that can be used.
* RFC 3526 defines a number of standardized Diffie-Hellman groups
* for IKE.
* RFC 5114 defines a number of standardized Diffie-Hellman groups
@ -51,11 +53,22 @@
* Some are included here for convenience.
*
* Included are:
* RFC 2409 6.2. 1024-bit MODP Group (Second Oakley Group)
* RFC 3526 3. 2048-bit MODP Group
* RFC 3526 4. 3072-bit MODP Group
* RFC 5114 2.1. 1024-bit MODP Group with 160-bit Prime Order Subgroup
* RFC 5114 2.2. 2048-bit MODP Group with 224-bit Prime Order Subgroup
*/
#define POLARSSL_DHM_RFC2409_MODP_1024_P \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" \
"FFFFFFFFFFFFFFFF"
#define POLARSSL_DHM_RFC2409_MODP_1024_G "02"
#define POLARSSL_DHM_RFC3526_MODP_2048_P \
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
@ -156,6 +169,13 @@ typedef struct
}
dhm_context;
/**
* \brief Initialize DHM context
*
* \param ctx DHM context to be initialized
*/
void dhm_init( dhm_context *ctx );
/**
* \brief Parse the ServerKeyExchange parameters
*
@ -224,7 +244,8 @@ int dhm_make_public( dhm_context *ctx, int x_size,
*
* \param ctx DHM context
* \param output destination buffer
* \param olen number of chars written
* \param olen on entry, must hold the size of the destination buffer
* on exit, holds the actual number of bytes written
* \param f_rng RNG function, for blinding purposes
* \param p_rng RNG parameter
*
@ -242,7 +263,9 @@ int dhm_calc_secret( dhm_context *ctx,
void *p_rng );
/**
* \brief Free the components of a DHM key
* \brief Free and clear the components of a DHM key
*
* \param ctx DHM context to free and clear
*/
void dhm_free( dhm_context *ctx );
@ -285,4 +308,4 @@ int dhm_self_test( int verbose );
}
#endif
#endif
#endif /* dhm.h */
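Review bot: The newly added POLARSSL_DHM_RFC2409_MODP_1024_P / _G constants place a 1024-bit MODP group in the "Included are:" convenience list next to the 2048- and 3072-bit groups with no qualification, and that list is where application code picks a group from. A 1024-bit finite-field group falls below the 2048-bit minimum that current guidance (e.g. NIST SP 800-57) gives for DH, so I would annotate the list entry: `RFC 2409 6.2. 1024-bit MODP Group (Second Oakley Group) -- legacy interoperability only; prefer 2048 bits or more`. The remaining changes in the section (dhm_init(), the in/out contract for olen in dhm_calc_secret(), dhm_free() now "free and clear") read fine as documentation.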


@ -47,23 +47,24 @@ typedef enum
*/
typedef struct
{
ecp_group grp; /*!< ellipitic curve used */
mpi d; /*!< our secret value */
ecp_point Q; /*!< our public value */
ecp_point Qp; /*!< peer's public value */
ecp_group grp; /*!< elliptic curve used */
mpi d; /*!< our secret value (private key) */
ecp_point Q; /*!< our public value (public key) */
ecp_point Qp; /*!< peer's public value (public key) */
mpi z; /*!< shared secret */
int point_format; /*!< format for point export */
int point_format; /*!< format for point export in TLS messages */
ecp_point Vi; /*!< blinding value (for later) */
ecp_point Vf; /*!< un-blinding value (for later) */
mpi _d; /*!< previous d */
mpi _d; /*!< previous d (for later) */
}
ecdh_context;
/**
* \brief Generate a public key
* \brief Generate a public key.
* Raw function that only does the core computation.
*
* \param grp ECP group
* \param d Destination MPI (secret exponent)
* \param d Destination MPI (secret exponent, aka private key)
* \param Q Destination point (public key)
* \param f_rng RNG function
* \param p_rng RNG parameter
@ -77,11 +78,12 @@ int ecdh_gen_public( ecp_group *grp, mpi *d, ecp_point *Q,
/**
* \brief Compute shared secret
* Raw function that only does the core computation.
*
* \param grp ECP group
* \param z Destination MPI (shared secret)
* \param Q Public key from other party
* \param d Our secret exponent
* \param d Our secret exponent (private key)
* \param f_rng RNG function (see notes)
* \param p_rng RNG parameter
*
@ -112,7 +114,8 @@ void ecdh_init( ecdh_context *ctx );
void ecdh_free( ecdh_context *ctx );
/**
* \brief Setup and write the ServerKeyExhange parameters
* \brief Generate a public key and a TLS ServerKeyExchange payload.
* (First function used by a TLS server for ECDHE.)
*
* \param ctx ECDH context
* \param olen number of chars written
@ -132,7 +135,8 @@ int ecdh_make_params( ecdh_context *ctx, size_t *olen,
void *p_rng );
/**
* \brief Parse the ServerKeyExhange parameters
* \brief Parse and procress a TLS ServerKeyExhange payload.
* (First function used by a TLS client for ECDHE.)
*
* \param ctx ECDH context
* \param buf pointer to start of input buffer
@ -144,7 +148,10 @@ int ecdh_read_params( ecdh_context *ctx,
const unsigned char **buf, const unsigned char *end );
/**
* \brief Setup an ECDH context from an EC key
* \brief Setup an ECDH context from an EC key.
* (Used by clients and servers in place of the
* ServerKeyEchange for static ECDH: import ECDH parameters
* from a certificate's EC key information.)
*
* \param ctx ECDH constext to set
* \param key EC key to use
@ -156,7 +163,8 @@ int ecdh_get_params( ecdh_context *ctx, const ecp_keypair *key,
ecdh_side side );
/**
* \brief Setup and export the client's public value
* \brief Generate a public key and a TLS ClientKeyExchange payload.
* (Second function used by a TLS client for ECDH(E).)
*
* \param ctx ECDH context
* \param olen number of bytes actually written
@ -173,7 +181,8 @@ int ecdh_make_public( ecdh_context *ctx, size_t *olen,
void *p_rng );
/**
* \brief Parse and import the client's public value
* \brief Parse and process a TLS ClientKeyExchange payload.
* (Second function used by a TLS server for ECDH(E).)
*
* \param ctx ECDH context
* \param buf start of input buffer
@ -185,7 +194,8 @@ int ecdh_read_public( ecdh_context *ctx,
const unsigned char *buf, size_t blen );
/**
* \brief Derive and export the shared secret
* \brief Derive and export the shared secret.
* (Last function used by both TLS client en servers.)
*
* \param ctx ECDH context
* \param olen number of bytes written
@ -212,4 +222,4 @@ int ecdh_self_test( int verbose );
}
#endif
#endif
#endif /* ecdh.h */
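Review bot: Several of the rewritten \brief lines carry typos that will be reproduced in the generated API docs: `Parse and procress a TLS ServerKeyExhange payload` (read `Parse and process a TLS ServerKeyExchange payload`), `ServerKeyEchange` in the ecdh_get_params() note, and `client en servers` (read `clients and servers`) in the ecdh_calc_secret() brief; `ECDH constext` in ecdh_get_params() is unchanged context with the same problem. As this is a vendored copy, these belong in a report upstream rather than a local patch. The added ordering hints ("First/Second/Last function used by …") are otherwise a clear improvement for readers wiring up the handshake.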


@ -30,7 +30,7 @@
#include "ecp.h"
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
#include "polarssl/md.h"
#include "md.h"
#endif
/**
@ -40,7 +40,7 @@
*/
typedef struct
{
ecp_group grp; /*!< ellipitic curve used */
ecp_group grp; /*!< elliptic curve used */
mpi d; /*!< secret signature key */
ecp_point Q; /*!< public signature key */
mpi r; /*!< first integer from signature */
@ -90,7 +90,7 @@ int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s,
int ecdsa_sign_det( ecp_group *grp, mpi *r, mpi *s,
const mpi *d, const unsigned char *buf, size_t blen,
md_type_t md_alg );
#endif
#endif /* POLARSSL_ECDSA_DETERMINISTIC */
/**
* \brief Verify ECDSA signature of a previously hashed message
@ -163,7 +163,7 @@ int ecdsa_write_signature_det( ecdsa_context *ctx,
const unsigned char *hash, size_t hlen,
unsigned char *sig, size_t *slen,
md_type_t md_alg );
#endif
#endif /* POLARSSL_ECDSA_DETERMINISTIC */
/**
* \brief Read and verify an ECDSA signature
@ -175,7 +175,9 @@ int ecdsa_write_signature_det( ecdsa_context *ctx,
* \param slen Size of sig
*
* \return 0 if successful,
* POLARSSL_ERR_ECP_BAD_INPUT_DATA if signature is invalid
* POLARSSL_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
* POLARSSL_ERR_ECP_SIG_LEN_MISTMATCH if the signature is
* valid but its actual length is less than siglen,
* or a POLARSSL_ERR_ECP or POLARSSL_ERR_MPI error code
*/
int ecdsa_read_signature( ecdsa_context *ctx,
@ -231,4 +233,4 @@ int ecdsa_self_test( int verbose );
}
#endif
#endif
#endif /* ecdsa.h */
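Review bot: The new \return text for ecdsa_read_signature() names `POLARSSL_ERR_ECP_SIG_LEN_MISTMATCH`, but the constant introduced in ecp.h by this same commit is spelled `POLARSSL_ERR_ECP_SIG_LEN_MISMATCH`, so the documentation points callers at an identifier that does not exist. The line should read `POLARSSL_ERR_ECP_SIG_LEN_MISMATCH if the signature is`. Callers that want to reject a valid signature followed by trailing bytes have to compare against this code, so the exact name matters; it is an upstream documentation defect rather than something to patch in the vendored copy.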


@ -39,6 +39,7 @@
#define POLARSSL_ERR_ECP_MALLOC_FAILED -0x4D80 /**< Memory allocation failed. */
#define POLARSSL_ERR_ECP_RANDOM_FAILED -0x4D00 /**< Generation of random value, such as (ephemeral) key, failed. */
#define POLARSSL_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */
#define POLARSSL_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */
#ifdef __cplusplus
extern "C" {
@ -68,9 +69,9 @@ typedef enum
POLARSSL_ECP_DP_M255, /*!< Curve25519 */
POLARSSL_ECP_DP_M383, /*!< (not implemented yet) */
POLARSSL_ECP_DP_M511, /*!< (not implemented yet) */
POLARSSL_ECP_DP_SECP192K1, /*!< (not implemented yet) */
POLARSSL_ECP_DP_SECP224K1, /*!< (not implemented yet) */
POLARSSL_ECP_DP_SECP256K1, /*!< 256-bits Koblitz curve */
POLARSSL_ECP_DP_SECP192K1, /*!< 192-bits "Koblitz" curve */
POLARSSL_ECP_DP_SECP224K1, /*!< 224-bits "Koblitz" curve */
POLARSSL_ECP_DP_SECP256K1, /*!< 256-bits "Koblitz" curve */
} ecp_group_id;
/**
@ -118,8 +119,11 @@ ecp_point;
* short weierstrass, this subgroup is actually the whole curve, and its
* cardinal is denoted by N.
*
* In the case of Short Weierstrass curves, our code requires that N is an odd
* prime. (Use odd in ecp_mul() and prime in ecdsa_sign() for blinding.)
*
* In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is
* the quantity actualy used in the formulas. Also, nbits is not the size of N
* the quantity actually used in the formulas. Also, nbits is not the size of N
* but the required size for private keys.
*
* If modp is NULL, reduction modulo P is done using a generic algorithm.
@ -164,7 +168,15 @@ typedef struct
}
ecp_keypair;
#if !defined(POLARSSL_CONFIG_OPTIONS)
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line.
* \{
*/
#if !defined(POLARSSL_ECP_MAX_BITS)
/**
* Maximum size of the groups (that is, of N and P)
*/
@ -174,7 +186,7 @@ ecp_keypair;
#define POLARSSL_ECP_MAX_BYTES ( ( POLARSSL_ECP_MAX_BITS + 7 ) / 8 )
#define POLARSSL_ECP_MAX_PT_LEN ( 2 * POLARSSL_ECP_MAX_BYTES + 1 )
#if !defined(POLARSSL_CONFIG_OPTIONS)
#if !defined(POLARSSL_ECP_WINDOW_SIZE)
/*
* Maximum "window" size used for point multiplication.
* Default: 6.
@ -191,11 +203,14 @@ ecp_keypair;
* 521 145 141 135 120 97
* 384 214 209 198 177 146
* 256 320 320 303 262 226
* 224 475 475 453 398 342
* 192 640 640 633 587 476
*/
#define POLARSSL_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
#endif /* POLARSSL_ECP_WINDOW_SIZE */
#if !defined(POLARSSL_ECP_FIXED_POINT_OPTIM)
/*
* Trade memory for speed on fixed-point multiplication.
*
@ -208,7 +223,9 @@ ecp_keypair;
* Change this value to 0 to reduce peak memory usage.
*/
#define POLARSSL_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
#endif
#endif /* POLARSSL_ECP_FIXED_POINT_OPTIM */
/* \} name SECTION: Module settings */
/*
* Point formats, from RFC 4492's enum ECPointFormat
@ -222,12 +239,22 @@ ecp_keypair;
#define POLARSSL_ECP_TLS_NAMED_CURVE 3 /**< ECCurveType's named_curve */
/**
* \brief Return the list of supported curves with associated info
* \brief Get the list of supported curves in order of preferrence
* (full information)
*
* \return A statically allocated array, the last entry is 0.
*/
const ecp_curve_info *ecp_curve_list( void );
/**
* \brief Get the list of supported curves in order of preferrence
* (grp_id only)
*
* \return A statically allocated array,
* terminated with POLARSSL_ECP_DP_NONE.
*/
const ecp_group_id *ecp_grp_id_list( void );
/**
* \brief Get curve information from an internal group identifier
*
@ -366,8 +393,10 @@ int ecp_point_write_binary( const ecp_group *grp, const ecp_point *P,
* \param ilen Actual length of input
*
* \return 0 if successful,
* POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
* POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
* POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE if the point format
* is not implemented.
*
* \note This function does NOT check that the point actually
* belongs to the given group, see ecp_check_pubkey() for
@ -527,7 +556,7 @@ int ecp_sub( const ecp_group *grp, ecp_point *R,
*
* \note If f_rng is not NULL, it is used to randomize intermediate
* results in order to prevent potential timing attacks
* targetting these results. It is recommended to always
* targeting these results. It is recommended to always
* provide a non-NULL f_rng (the overhead is negligible).
*/
int ecp_mul( ecp_group *grp, ecp_point *R,
@ -606,15 +635,17 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
#if defined(POLARSSL_SELF_TEST)
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
* \return 0 if successful, or 1 if a test failed
*/
int ecp_self_test( int verbose );
#endif
#ifdef __cplusplus
}
#endif
#endif
#endif /* ecp.h */
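Review bot: `in order of preferrence` appears twice in the new \brief lines for ecp_curve_list() and ecp_grp_id_list(); read `preference`. The same hunk introduces ecp_grp_id_list() without saying how its order relates to ecp_curve_list(); if the two lists are kept in step, a sentence such as `Same order as ecp_curve_list().` would settle it, which the header alone does not establish. The new POLARSSL_ERR_ECP_SIG_LEN_MISMATCH definition and the corrected \note on ecp_mul() recommending a non-NULL f_rng to randomize intermediate results are clear as written.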


@ -3,7 +3,7 @@
*
* \brief Entropy accumulator implementation
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -29,9 +29,13 @@
#include <string.h>
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_SHA512_C)
#if defined(POLARSSL_SHA512_C) && !defined(POLARSSL_ENTROPY_FORCE_SHA256)
#include "sha512.h"
#define POLARSSL_ENTROPY_SHA512_ACCUMULATOR
#else
@ -52,11 +56,25 @@
#define POLARSSL_ERR_ENTROPY_SOURCE_FAILED -0x003C /**< Critical entropy source failure. */
#define POLARSSL_ERR_ENTROPY_MAX_SOURCES -0x003E /**< No more sources can be added. */
#define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040 /**< No sources have been added to poll. */
#define POLARSSL_ERR_ENTROPY_FILE_IO_ERROR -0x0058 /**< Read/write error in file. */
#if !defined(POLARSSL_CONFIG_OPTIONS)
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line.
* \{
*/
#if !defined(ENTROPY_MAX_SOURCES)
#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
#endif
#if !defined(ENTROPY_MAX_GATHER)
#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
#endif /* !POLARSSL_CONFIG_OPTIONS */
#endif
/* \} name SECTION: Module settings */
#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
#define ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
@ -64,6 +82,7 @@
#define ENTROPY_BLOCK_SIZE 32 /**< Block size of entropy accumulator (SHA-256) */
#endif
#define ENTROPY_MAX_SEED_SIZE 1024 /**< Maximum size of seed we read from seed file */
#define ENTROPY_SOURCE_MANUAL ENTROPY_MAX_SOURCES
#ifdef __cplusplus
@ -133,6 +152,7 @@ void entropy_free( entropy_context *ctx );
/**
* \brief Adds an entropy source to poll
* (Thread-safe if POLARSSL_THREADING_C is enabled)
*
* \param ctx Entropy context
* \param f_source Entropy function
@ -148,6 +168,7 @@ int entropy_add_source( entropy_context *ctx,
/**
* \brief Trigger an extra gather poll for the accumulator
* (Thread-safe if POLARSSL_THREADING_C is enabled)
*
* \param ctx Entropy context
*
@ -156,12 +177,13 @@ int entropy_add_source( entropy_context *ctx,
int entropy_gather( entropy_context *ctx );
/**
* \brief Retrieve entropy from the accumulator (Max ENTROPY_BLOCK_SIZE)
* \brief Retrieve entropy from the accumulator
* (Maximum length: ENTROPY_BLOCK_SIZE)
* (Thread-safe if POLARSSL_THREADING_C is enabled)
*
* \param data Entropy context
* \param output Buffer to fill
* \param len Length of buffer
* \param len Number of bytes desired, must be at most ENTROPY_BLOCK_SIZE
*
* \return 0 if successful, or POLARSSL_ERR_ENTROPY_SOURCE_FAILED
*/
@ -169,6 +191,7 @@ int entropy_func( void *data, unsigned char *output, size_t len );
/**
* \brief Add data to the accumulator manually
* (Thread-safe if POLARSSL_THREADING_C is enabled)
*
* \param ctx Entropy context
* \param data Data to add
@ -179,6 +202,43 @@ int entropy_func( void *data, unsigned char *output, size_t len );
int entropy_update_manual( entropy_context *ctx,
const unsigned char *data, size_t len );
#if defined(POLARSSL_FS_IO)
/**
* \brief Write a seed file
*
* \param ctx Entropy context
* \param path Name of the file
*
* \return 0 if successful,
* POLARSSL_ERR_ENTROPY_FILE_IO_ERROR on file error, or
* POLARSSL_ERR_ENTROPY_SOURCE_FAILED
*/
int entropy_write_seed_file( entropy_context *ctx, const char *path );
/**
* \brief Read and update a seed file. Seed is added to this
* instance. No more than ENTROPY_MAX_SEED_SIZE bytes are
* read from the seed file. The rest is ignored.
*
* \param ctx Entropy context
* \param path Name of the file
*
* \return 0 if successful,
* POLARSSL_ERR_ENTROPY_FILE_IO_ERROR on file error,
* POLARSSL_ERR_ENTROPY_SOURCE_FAILED
*/
int entropy_update_seed_file( entropy_context *ctx, const char *path );
#endif /* POLARSSL_FS_IO */
#if defined(POLARSSL_SELF_TEST)
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if a test failed
*/
int entropy_self_test( int verbose );
#endif /* POLARSSL_SELF_TEST */
#ifdef __cplusplus
}
#endif
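Review bot: The new entropy_write_seed_file() and entropy_update_seed_file() declarations are the only functions in this section without the "(Thread-safe if POLARSSL_THREADING_C is enabled)" line that the commit adds to entropy_add_source(), entropy_gather(), entropy_func() and entropy_update_manual(), so a reader cannot tell whether the omission is deliberate. The seed-file contract also says nothing about protecting the file: the seed goes to a caller-chosen path in the clear, so the header should state that the caller is responsible for creating it with restrictive permissions, and whether the write function refreshes the stored seed so it is not reused across runs — neither is visible in the header. A note such as `\note The seed file must not be readable by other users; the caller is responsible for its permissions.` on both functions would do. Whether these functions take the accumulator's mutex is an implementation question, since entropy.c is not in this section.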


@ -29,7 +29,11 @@
#include <string.h>
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#ifdef __cplusplus
extern "C" {


@ -41,13 +41,15 @@
*
* 16 bit error code bit-segmentation
*
* 1 bit - Intentionally not used
* 1 bit - Sign bit
* 3 bits - High level module ID
* 5 bits - Module-dependent error code
* 6 bits - Low level module errors
* 1 bit - Intentionally not used
* 7 bits - Low level module errors
*
* Low-level module errors (0x007E-0x0002)
* For historical reasons, low-level error codes are divided in even and odd,
* even codes were assigned first, and -1 is reserved for other errors.
*
* Low-level module errors (0x0002-0x007E, 0x0003-0x007F)
*
* Module Nr Codes assigned
* MPI 7 0x0002-0x0010
@ -58,12 +60,13 @@
* CAMELLIA 2 0x0024-0x0026
* XTEA 1 0x0028-0x0028
* BASE64 2 0x002A-0x002C
* OID 1 0x002E-0x002E
* OID 1 0x002E-0x002E 0x000B-0x000B
* PADLOCK 1 0x0030-0x0030
* DES 1 0x0032-0x0032
* CTR_DBRG 3 0x0034-0x003A
* CTR_DBRG 4 0x0034-0x003A
* ENTROPY 3 0x003C-0x0040
* NET 11 0x0042-0x0056
* ENTROPY 1 0x0058-0x0058
* ASN1 7 0x0060-0x006C
* MD2 1 0x0070-0x0070
* MD4 1 0x0072-0x0072
@ -72,23 +75,26 @@
* SHA256 1 0x0078-0x0078
* SHA512 1 0x007A-0x007A
* PBKDF2 1 0x007C-0x007C
* RIPEMD160 1 0x007E-0x007E
* HMAC_DRBG 4 0x0003-0x0009
* CCM 2 0x000D-0x000F
*
* High-level module nr (3 bits - 0x1...-0x8...)
* High-level module nr (3 bits - 0x0...-0x7...)
* Name ID Nr of Errors
* PEM 1 9
* PKCS#12 1 4 (Started from top)
* X509 2 18
* PK 2 13 (Started from top)
* PK 2 14 (Started from top, plus 0x2000)
* DHM 3 9
* PKCS5 3 4 (Started from top)
* RSA 4 9
* ECP 4 7 (Started from top)
* ECP 4 8 (Started from top)
* MD 5 4
* CIPHER 6 6
* SSL 6 8 (Started from top)
* SSL 6 9 (Started from top)
* SSL 7 31
*
* Module dependent error code (5 bits 0x.08.-0x.F8.)
* Module dependent error code (5 bits 0x.00.-0x.F8.)
*/
#ifdef __cplusplus
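Review bot: The module table keeps the misspelling `CTR_DBRG` on the new line that raises its count to 4; read `CTR_DRBG`, matching the module name used everywhere else in this commit. The reworked explanation of even/odd low-level codes is otherwise consistent with the new HMAC_DRBG (0x0003-0x0009), OID (0x000B) and CCM (0x000D-0x000F) entries.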


@ -53,6 +53,13 @@ havege_state;
*/
void havege_init( havege_state *hs );
/**
* \brief Clear HAVEGE state
*
* \param hs HAVEGE state to be cleared
*/
void havege_free( havege_state *hs );
/**
* \brief HAVEGE rand function
*


@ -0,0 +1,284 @@
/**
* \file hmac_drbg.h
*
* \brief HMAC_DRBG (NIST SP 800-90A)
*
* Copyright (C) 2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_HMAC_DRBG_H
#define POLARSSL_HMAC_DRBG_H
#include "md.h"
/*
* Error codes
*/
#define POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG -0x0003 /**< Too many random requested in single call. */
#define POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG -0x0005 /**< Input too large (Entropy + additional). */
#define POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR -0x0007 /**< Read/write error in file. */
#define POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED -0x0009 /**< The entropy source failed. */
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line.
* \{
*/
#if !defined(POLARSSL_HMAC_DRBG_RESEED_INTERVAL)
#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
#endif
#if !defined(POLARSSL_HMAC_DRBG_MAX_INPUT)
#define POLARSSL_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
#endif
#if !defined(POLARSSL_HMAC_DRBG_MAX_REQUEST)
#define POLARSSL_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
#endif
#if !defined(POLARSSL_HMAC_DRBG_MAX_SEED_INPUT)
#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
#endif
/* \} name SECTION: Module settings */
#define POLARSSL_HMAC_DRBG_PR_OFF 0 /**< No prediction resistance */
#define POLARSSL_HMAC_DRBG_PR_ON 1 /**< Prediction resistance enabled */
#ifdef __cplusplus
extern "C" {
#endif
/**
* HMAC_DRBG context.
*/
typedef struct
{
/* Working state: the key K is not stored explicitely,
* but is implied by the HMAC context */
md_context_t md_ctx; /*!< HMAC context (inc. K) */
unsigned char V[POLARSSL_MD_MAX_SIZE]; /*!< V in the spec */
int reseed_counter; /*!< reseed counter */
/* Administrative state */
size_t entropy_len; /*!< entropy bytes grabbed on each (re)seed */
int prediction_resistance; /*!< enable prediction resistance (Automatic
reseed before every random generation) */
int reseed_interval; /*!< reseed interval */
/* Callbacks */
int (*f_entropy)(void *, unsigned char *, size_t); /*!< entropy function */
void *p_entropy; /*!< context for the entropy function */
} hmac_drbg_context;
/**
* \brief HMAC_DRBG initialisation
*
* \param ctx HMAC_DRBG context to be initialised
* \param md_info MD algorithm to use for HMAC_DRBG
* \param f_entropy Entropy callback (p_entropy, buffer to fill, buffer
* length)
* \param p_entropy Entropy context
* \param custom Personalization data (Device specific identifiers)
* (Can be NULL)
* \param len Length of personalization data
*
* \note The "security strength" as defined by NIST is set to:
* 128 bits if md_alg is SHA-1,
* 192 bits if md_alg is SHA-224,
* 256 bits if md_alg is SHA-256 or higher.
* Note that SHA-256 is just as efficient as SHA-224.
*
* \return 0 if successful, or
* POLARSSL_ERR_MD_BAD_INPUT_DATA, or
* POLARSSL_ERR_MD_ALLOC_FAILED, or
* POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED.
*/
int hmac_drbg_init( hmac_drbg_context *ctx,
const md_info_t * md_info,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
size_t len );
/**
* \brief Initilisation of simpified HMAC_DRBG (never reseeds).
* (For use with deterministic ECDSA.)
*
* \param ctx HMAC_DRBG context to be initialised
* \param md_info MD algorithm to use for HMAC_DRBG
* \param data Concatenation of entropy string and additional data
* \param data_len Length of data in bytes
*
* \return 0 if successful, or
* POLARSSL_ERR_MD_BAD_INPUT_DATA, or
* POLARSSL_ERR_MD_ALLOC_FAILED.
*/
int hmac_drbg_init_buf( hmac_drbg_context *ctx,
const md_info_t * md_info,
const unsigned char *data, size_t data_len );
/**
* \brief Enable / disable prediction resistance (Default: Off)
*
* Note: If enabled, entropy is used for ctx->entropy_len before each call!
* Only use this if you have ample supply of good entropy!
*
* \param ctx HMAC_DRBG context
* \param resistance POLARSSL_HMAC_DRBG_PR_ON or POLARSSL_HMAC_DRBG_PR_OFF
*/
void hmac_drbg_set_prediction_resistance( hmac_drbg_context *ctx,
int resistance );
/**
* \brief Set the amount of entropy grabbed on each reseed
* (Default: given by the security strength, which
* depends on the hash used, see \c hmac_drbg_init() )
*
* \param ctx HMAC_DRBG context
* \param len Amount of entropy to grab, in bytes
*/
void hmac_drbg_set_entropy_len( hmac_drbg_context *ctx,
size_t len );
/**
* \brief Set the reseed interval
* (Default: POLARSSL_HMAC_DRBG_RESEED_INTERVAL)
*
* \param ctx HMAC_DRBG context
* \param interval Reseed interval
*/
void hmac_drbg_set_reseed_interval( hmac_drbg_context *ctx,
int interval );
/**
* \brief HMAC_DRBG update state
*
* \param ctx HMAC_DRBG context
* \param additional Additional data to update state with, or NULL
* \param add_len Length of additional data, or 0
*
* \note Additional data is optional, pass NULL and 0 as second
* third argument if no additional data is being used.
*/
void hmac_drbg_update( hmac_drbg_context *ctx,
const unsigned char *additional, size_t add_len );
/**
* \brief HMAC_DRBG reseeding (extracts data from entropy source)
*
* \param ctx HMAC_DRBG context
* \param additional Additional data to add to state (Can be NULL)
* \param len Length of additional data
*
* \return 0 if successful, or
* POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
*/
int hmac_drbg_reseed( hmac_drbg_context *ctx,
const unsigned char *additional, size_t len );
/**
* \brief HMAC_DRBG generate random with additional update input
*
* Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
*
* \param p_rng HMAC_DRBG context
* \param output Buffer to fill
* \param output_len Length of the buffer
* \param additional Additional data to update with (can be NULL)
* \param add_len Length of additional data (can be 0)
*
* \return 0 if successful, or
* POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
* POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG, or
* POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG.
*/
int hmac_drbg_random_with_add( void *p_rng,
unsigned char *output, size_t output_len,
const unsigned char *additional,
size_t add_len );
/**
* \brief HMAC_DRBG generate random
*
* Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
*
* \param p_rng HMAC_DRBG context
* \param output Buffer to fill
* \param out_len Length of the buffer
*
* \return 0 if successful, or
* POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
* POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG
*/
int hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
/**
* \brief Free an HMAC_DRBG context
*
* \param ctx HMAC_DRBG context to free.
*/
void hmac_drbg_free( hmac_drbg_context *ctx );
#if defined(POLARSSL_FS_IO)
/**
* \brief Write a seed file
*
* \param ctx HMAC_DRBG context
* \param path Name of the file
*
* \return 0 if successful, 1 on file error, or
* POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
*/
int hmac_drbg_write_seed_file( hmac_drbg_context *ctx, const char *path );
/**
* \brief Read and update a seed file. Seed is added to this
* instance
*
* \param ctx HMAC_DRBG context
* \param path Name of the file
*
* \return 0 if successful, 1 on file error,
* POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED or
* POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG
*/
int hmac_drbg_update_seed_file( hmac_drbg_context *ctx, const char *path );
#endif /* POLARSSL_FS_IO */
#if defined(POLARSSL_SELF_TEST)
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
int hmac_drbg_self_test( int verbose );
#endif
#ifdef __cplusplus
}
#endif
#endif /* hmac_drbg.h */


@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -98,10 +98,12 @@ typedef struct {
int (*file_func)( const char *path, unsigned char *output );
/** HMAC Initialisation function */
void (*hmac_starts_func)( void *ctx, const unsigned char *key, size_t keylen );
void (*hmac_starts_func)( void *ctx, const unsigned char *key,
size_t keylen );
/** HMAC update function */
void (*hmac_update_func)( void *ctx, const unsigned char *input, size_t ilen );
void (*hmac_update_func)( void *ctx, const unsigned char *input,
size_t ilen );
/** HMAC finalisation function */
void (*hmac_finish_func)( void *ctx, unsigned char *output);
@ -171,8 +173,24 @@ const md_info_t *md_info_from_string( const char *md_name );
const md_info_t *md_info_from_type( md_type_t md_type );
/**
* \brief Initialises and fills the message digest context structure with
* the appropriate values.
* \brief Initialize a md_context (as NONE)
*/
void md_init( md_context_t *ctx );
/**
* \brief Free and clear the message-specific context of ctx.
* Freeing ctx itself remains the responsibility of the
* caller.
*/
void md_free( md_context_t *ctx );
/**
* \brief Initialises and fills the message digest context structure
* with the appropriate values.
*
* \note Currently also clears structure. In future versions you
* will be required to call md_init() on the structure
* first.
*
* \param ctx context to initialise. May not be NULL. The
* digest-specific context (ctx->md_ctx) must be NULL. It will
@ -189,10 +207,11 @@ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info );
* \brief Free the message-specific context of ctx. Freeing ctx itself
* remains the responsibility of the caller.
*
* \note Deprecated: Redirects to md_free()
*
* \param ctx Free the message-specific context
*
* \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter
* verification fails.
* \returns 0
*/
int md_free_ctx( md_context_t *ctx );
@ -299,7 +318,8 @@ int md( const md_info_t *md_info, const unsigned char *input, size_t ilen,
* failed, POLARSSL_ERR_MD_FILE_READ_FAILED if fread failed,
* POLARSSL_ERR_MD_BAD_INPUT_DATA if md_info was NULL.
*/
int md_file( const md_info_t *md_info, const char *path, unsigned char *output );
int md_file( const md_info_t *md_info, const char *path,
unsigned char *output );
/**
* \brief Generic HMAC context setup
@ -311,7 +331,8 @@ int md_file( const md_info_t *md_info, const char *path, unsigned char *output )
* \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter
* verification fails.
*/
int md_hmac_starts( md_context_t *ctx, const unsigned char *key, size_t keylen );
int md_hmac_starts( md_context_t *ctx, const unsigned char *key,
size_t keylen );
/**
* \brief Generic HMAC process buffer
@ -323,7 +344,8 @@ int md_hmac_starts( md_context_t *ctx, const unsigned char *key, size_t keylen )
* \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter
* verification fails.
*/
int md_hmac_update( md_context_t *ctx, const unsigned char *input, size_t ilen );
int md_hmac_update( md_context_t *ctx, const unsigned char *input,
size_t ilen );
/**
* \brief Generic HMAC final digest
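Review bot: `md_free_ctx` is documented as deprecated only in prose ("Redirects to md_free()") and the declaration carries no `\deprecated` tag, so the deprecation is invisible in generated docs and to anyone scanning the header; adding `* \deprecated Superseded by md_free(), which this function now calls.` to that block would make it explicit. The `\note` on `md_init_ctx` says the structure is "currently also cleared" but, beyond requiring `ctx->md_ctx` to be NULL, does not say what happens to a digest-specific context that is still allocated when it is called; stating that the old context is not freed (if that is the behaviour) would warn callers off the leak. The `md_init_ctx` comment block continues past the end of its hunk.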


@ -3,7 +3,7 @@
*
* \brief MD2 message digest algorithm (hash function)
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
#ifndef POLARSSL_MD2_H
#define POLARSSL_MD2_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <string.h>
@ -56,6 +60,20 @@ typedef struct
}
md2_context;
/**
* \brief Initialize MD2 context
*
* \param ctx MD2 context to be initialized
*/
void md2_init( md2_context *ctx );
/**
* \brief Clear MD2 context
*
* \param ctx MD2 context to be cleared
*/
void md2_free( md2_context *ctx );
/**
* \brief MD2 context setup
*
@ -118,7 +136,8 @@ int md2_file( const char *path, unsigned char output[16] );
* \param key HMAC secret key
* \param keylen length of the HMAC key
*/
void md2_hmac_starts( md2_context *ctx, const unsigned char *key, size_t keylen );
void md2_hmac_starts( md2_context *ctx, const unsigned char *key,
size_t keylen );
/**
* \brief MD2 HMAC process buffer
@ -127,7 +146,8 @@ void md2_hmac_starts( md2_context *ctx, const unsigned char *key, size_t keylen
* \param input buffer holding the data
* \param ilen length of the input data
*/
void md2_hmac_update( md2_context *ctx, const unsigned char *input, size_t ilen );
void md2_hmac_update( md2_context *ctx, const unsigned char *input,
size_t ilen );
/**
* \brief MD2 HMAC final digest
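Review bot: The new `md2_free` is described only as "Clear MD2 context", which leaves open whether the context memory is zeroized or merely released; because the same context type is reused by `md2_hmac_starts` and so presumably holds key-derived HMAC state (the struct itself is outside the hunk), callers need to know that freeing erases it. If the implementation does zeroize, say so in the brief, e.g. `\brief Clear MD2 context (zeroizes its contents)`, and state whether `ctx` may be NULL. The same wording appears in the md4.h, md5.h and ripemd160.h sections of this commit and should be updated together.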


@ -3,7 +3,7 @@
*
* \brief MD4 message digest algorithm (hash function)
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
#ifndef POLARSSL_MD4_H
#define POLARSSL_MD4_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <string.h>
@ -62,6 +66,20 @@ typedef struct
}
md4_context;
/**
* \brief Initialize MD4 context
*
* \param ctx MD4 context to be initialized
*/
void md4_init( md4_context *ctx );
/**
* \brief Clear MD4 context
*
* \param ctx MD4 context to be cleared
*/
void md4_free( md4_context *ctx );
/**
* \brief MD4 context setup
*
@ -124,7 +142,8 @@ int md4_file( const char *path, unsigned char output[16] );
* \param key HMAC secret key
* \param keylen length of the HMAC key
*/
void md4_hmac_starts( md4_context *ctx, const unsigned char *key, size_t keylen );
void md4_hmac_starts( md4_context *ctx, const unsigned char *key,
size_t keylen );
/**
* \brief MD4 HMAC process buffer
@ -133,7 +152,8 @@ void md4_hmac_starts( md4_context *ctx, const unsigned char *key, size_t keylen
* \param input buffer holding the data
* \param ilen length of the input data
*/
void md4_hmac_update( md4_context *ctx, const unsigned char *input, size_t ilen );
void md4_hmac_update( md4_context *ctx, const unsigned char *input,
size_t ilen );
/**
* \brief MD4 HMAC final digest


@ -27,7 +27,11 @@
#ifndef POLARSSL_MD5_H
#define POLARSSL_MD5_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <string.h>
@ -62,6 +66,20 @@ typedef struct
}
md5_context;
/**
* \brief Initialize MD5 context
*
* \param ctx MD5 context to be initialized
*/
void md5_init( md5_context *ctx );
/**
* \brief Clear MD5 context
*
* \param ctx MD5 context to be cleared
*/
void md5_free( md5_context *ctx );
/**
* \brief MD5 context setup
*


@ -29,7 +29,11 @@
#ifndef POLARSSL_MD_WRAP_H
#define POLARSSL_MD_WRAP_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include "md.h"
#ifdef __cplusplus


@ -1,9 +1,9 @@
/**
* \file memory.h
*
* \brief Memory allocation layer
* \brief Memory allocation layer (Deprecated to platform layer)
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,105 +27,26 @@
#ifndef POLARSSL_MEMORY_H
#define POLARSSL_MEMORY_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <stdlib.h>
#if !defined(POLARSSL_CONFIG_OPTIONS)
#define POLARSSL_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
#define POLARSSL_MEMORY_STDMALLOC malloc /**< Default allocator to use, can be undefined */
#define POLARSSL_MEMORY_STDFREE free /**< Default free to use, can be undefined */
#endif /* POLARSSL_CONFIG_OPTIONS */
#define MEMORY_VERIFY_NONE 0
#define MEMORY_VERIFY_ALLOC (1 << 0)
#define MEMORY_VERIFY_FREE (1 << 1)
#define MEMORY_VERIFY_ALWAYS (MEMORY_VERIFY_ALLOC | MEMORY_VERIFY_FREE)
#ifdef __cplusplus
extern "C" {
#if defined(POLARSSL_MEMORY_C) && !defined(POLARSSL_PLATFORM_MEMORY)
#define POLARSSL_PLATFORM_MEMORY
#endif
/*
* The function pointers for malloc and free
*/
extern void * (*polarssl_malloc)( size_t len );
extern void (*polarssl_free)( void *ptr );
#include "platform.h"
#include "memory_buffer_alloc.h"
/**
* \brief Set your own memory implementation function pointers
*
* \param malloc_func the malloc function implementation
* \param free_func the free function implementation
*
* \return 0 if successful
*/
int memory_set_own( void * (*malloc_func)( size_t ),
void (*free_func)( void * ) );
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
/**
* \brief Initialize use of stack-based memory allocator.
* The stack-based allocator does memory management inside the
* presented buffer and does not call malloc() and free().
* It sets the global polarssl_malloc() and polarssl_free() pointers
* to its own functions.
* (Provided polarssl_malloc() and polarssl_free() are thread-safe if
* POLARSSL_THREADING_C is defined)
*
* \note This code is not optimized and provides a straight-forward
* implementation of a stack-based memory allocator.
*
* \param buf buffer to use as heap
* \param len size of the buffer
*
* \return 0 if successful
*/
int memory_buffer_alloc_init( unsigned char *buf, size_t len );
/**
* \brief Free the mutex for thread-safety and clear remaining memory
*/
void memory_buffer_alloc_free();
/**
* \brief Determine when the allocator should automatically verify the state
* of the entire chain of headers / meta-data.
* (Default: MEMORY_VERIFY_NONE)
*
* \param verify One of MEMORY_VERIFY_NONE, MEMORY_VERIFY_ALLOC,
* MEMORY_VERIFY_FREE or MEMORY_VERIFY_ALWAYS
*/
void memory_buffer_set_verify( int verify );
#if defined(POLARSSL_MEMORY_DEBUG)
/**
* \brief Print out the status of the allocated memory (primarily for use
* after a program should have de-allocated all memory)
* Prints out a list of 'still allocated' blocks and their stack
* trace if POLARSSL_MEMORY_BACKTRACE is defined.
*/
void memory_buffer_alloc_status();
#endif /* POLARSSL_MEMORY_DEBUG */
/**
* \brief Verifies that all headers in the memory buffer are correct
* and contain sane values. Helps debug buffer-overflow errors.
*
* Prints out first failure if POLARSSL_MEMORY_DEBUG is defined.
* Prints out full header information if POLARSSL_MEMORY_DEBUG_HEADERS
* is defined. (Includes stack trace information for each block if
* POLARSSL_MEMORY_BACKTRACE is defined as well).
*
* \returns 0 if verified, 1 otherwise
*/
int memory_buffer_alloc_verify();
#endif /* POLARSSL_MEMORY_BUFFER_ALLOC_C */
#ifdef __cplusplus
void (*free_func)( void * ) )
{
return platform_set_malloc_free( malloc_func, free_func );
}
#endif
#endif /* memory.h */
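Review bot: The inline body of `memory_set_own` at the end of the hunk calls `platform_set_malloc_free()`, but platform.h declares that function only under `#if defined(POLARSSL_PLATFORM_MEMORY)`, and the compatibility define earlier in this hunk sets `POLARSSL_PLATFORM_MEMORY` only when `POLARSSL_MEMORY_C` is on; a build that includes memory.h with neither option would appear to hit an implicit declaration of `platform_set_malloc_free` (unless a guard outside the rendered lines covers it). Wrapping the helper in `#if defined(POLARSSL_PLATFORM_MEMORY)` … `#endif` would keep the deprecated header harmless in that configuration. Separately, the removed `POLARSSL_MEMORY_STDMALLOC` / `POLARSSL_MEMORY_STDFREE` options have no replacement in this header — platform.h reads `POLARSSL_PLATFORM_STD_MALLOC` / `POLARSSL_PLATFORM_STD_FREE` instead — so a config.h that still sets the old names silently falls back to the C library allocator; a comment naming the new options next to the "Deprecated to platform layer" notice would catch that.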


@ -0,0 +1,122 @@
/**
* \file memory_buffer_alloc.h
*
* \brief Buffer-based memory allocator
*
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_MEMORY_BUFFER_ALLOC_H
#define POLARSSL_MEMORY_BUFFER_ALLOC_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <stdlib.h>
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line.
* \{
*/
#if !defined(POLARSSL_MEMORY_ALIGN_MULTIPLE)
#define POLARSSL_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
#endif
/* \} name SECTION: Module settings */
#define MEMORY_VERIFY_NONE 0
#define MEMORY_VERIFY_ALLOC (1 << 0)
#define MEMORY_VERIFY_FREE (1 << 1)
#define MEMORY_VERIFY_ALWAYS (MEMORY_VERIFY_ALLOC | MEMORY_VERIFY_FREE)
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Initialize use of stack-based memory allocator.
* The stack-based allocator does memory management inside the
* presented buffer and does not call malloc() and free().
* It sets the global polarssl_malloc() and polarssl_free() pointers
* to its own functions.
* (Provided polarssl_malloc() and polarssl_free() are thread-safe if
* POLARSSL_THREADING_C is defined)
*
* \note This code is not optimized and provides a straight-forward
* implementation of a stack-based memory allocator.
*
* \param buf buffer to use as heap
* \param len size of the buffer
*
* \return 0 if successful
*/
int memory_buffer_alloc_init( unsigned char *buf, size_t len );
/**
* \brief Free the mutex for thread-safety and clear remaining memory
*/
void memory_buffer_alloc_free( void );
/**
* \brief Determine when the allocator should automatically verify the state
* of the entire chain of headers / meta-data.
* (Default: MEMORY_VERIFY_NONE)
*
* \param verify One of MEMORY_VERIFY_NONE, MEMORY_VERIFY_ALLOC,
* MEMORY_VERIFY_FREE or MEMORY_VERIFY_ALWAYS
*/
void memory_buffer_set_verify( int verify );
#if defined(POLARSSL_MEMORY_DEBUG)
/**
* \brief Print out the status of the allocated memory (primarily for use
* after a program should have de-allocated all memory)
* Prints out a list of 'still allocated' blocks and their stack
* trace if POLARSSL_MEMORY_BACKTRACE is defined.
*/
void memory_buffer_alloc_status( void );
#endif /* POLARSSL_MEMORY_DEBUG */
/**
* \brief Verifies that all headers in the memory buffer are correct
* and contain sane values. Helps debug buffer-overflow errors.
*
* Prints out first failure if POLARSSL_MEMORY_DEBUG is defined.
* Prints out full header information if POLARSSL_MEMORY_DEBUG_HEADERS
* is defined. (Includes stack trace information for each block if
* POLARSSL_MEMORY_BACKTRACE is defined as well).
*
* \returns 0 if verified, 1 otherwise
*/
int memory_buffer_alloc_verify( void );
#ifdef __cplusplus
}
#endif
#endif /* memory_buffer_alloc.h */
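Review bot: `POLARSSL_MEMORY_ALIGN_MULTIPLE` defaults to 4 and its comment gives no lower bound, yet this allocator serves every `polarssl_malloc()` in the library; on the 64-bit targets this update is motivated by (MIPS64 and SPARC64 per the commit message) 8-byte objects handed out at 4-byte alignment would be misaligned, which some of those CPUs trap on rather than tolerate. Documenting the constraint — `/**< Align on multiples of this value; must be at least the strictest alignment the target requires (typically 8 on 64-bit ABIs) */` — or defaulting it to `sizeof(void *)` would make the setting safe to leave alone. The `\return 0 if successful` on `memory_buffer_alloc_init` is also silent on what is returned otherwise (for instance when `len` cannot hold the allocator's own metadata); naming the failure value would let callers check it.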


@ -3,7 +3,7 @@
*
* \brief Object Identifier (OID) database
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -28,7 +28,11 @@
#define POLARSSL_OID_H
#include <string.h>
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include "asn1.h"
#include "pk.h"
#if defined(POLARSSL_CIPHER_C)
@ -44,6 +48,7 @@
#endif
#define POLARSSL_ERR_OID_NOT_FOUND -0x002E /**< OID is not found. */
#define POLARSSL_ERR_OID_BUF_TOO_SMALL -0x000B /**< output buffer is too small */
/*
* Top level OID tuples
@ -104,14 +109,23 @@
*/
#define OID_AT OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
#define OID_AT_CN OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
#define OID_AT_SUR_NAME OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
#define OID_AT_SERIAL_NUMBER OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
#define OID_AT_COUNTRY OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
#define OID_AT_LOCALITY OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
#define OID_AT_STATE OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
#define OID_AT_ORGANIZATION OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
#define OID_AT_ORG_UNIT OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
#define OID_AT_TITLE OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
#define OID_AT_POSTAL_ADDRESS OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
#define OID_AT_POSTAL_CODE OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
#define OID_AT_GIVEN_NAME OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
#define OID_AT_INITIALS OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
#define OID_AT_GENERATION_QUALIFIER OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
#define OID_AT_DN_QUALIFIER OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
#define OID_AT_PSEUDONYM OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
#define OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
/*
* OIDs for standard certificate extensions
@ -193,6 +207,10 @@
#define OID_PKCS9_EMAIL OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
/* RFC 4055 */
#define OID_RSASSA_PSS OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
#define OID_MGF1 OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
/*
* Digest algorithms
*/
@ -316,7 +334,16 @@
#define OID_EC_GRP_BP512R1 OID_EC_BRAINPOOL_V1 "\x0D"
/*
* ECDSA signature identifers, from RFC 5480
* SEC1 C.1
*
* prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
* id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
*/
#define OID_ANSI_X9_62_FIELD_TYPE OID_ANSI_X9_62 "\x01"
#define OID_ANSI_X9_62_PRIME_FIELD OID_ANSI_X9_62_FIELD_TYPE "\x01"
/*
* ECDSA signature identifiers, from RFC 5480
*/
#define OID_ANSI_X9_62_SIG OID_ANSI_X9_62 "\x04" /* signatures(4) */
#define OID_ANSI_X9_62_SIG_SHA2 OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
@ -367,7 +394,8 @@ typedef struct {
* \param size size of the buffer
* \param oid OID to translate
*
* \return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL or actual length used
* \return Length of the string written (excluding final NULL) or
* POLARSSL_ERR_OID_BUF_TO_SMALL in case of error
*/
int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid );
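Review bot: The `\return` text for `oid_get_numeric_string` names `POLARSSL_ERR_OID_BUF_TO_SMALL`, but the macro added earlier in this section is `POLARSSL_ERR_OID_BUF_TOO_SMALL`; the doc line should read `* POLARSSL_ERR_OID_BUF_TOO_SMALL in case of error`. The new `OID_DOMAIN_COMPONENT` line opens its comment with `/**` rather than the `/**<` its neighbours use, so Doxygen will attach the description to the following declaration instead of this one.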


@ -1,9 +1,10 @@
/**
* \file padlock.h
*
* \brief VIA PadLock ACE for HW encryption/decryption supported by some processors
* \brief VIA PadLock ACE for HW encryption/decryption supported by some
* processors
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>


@ -28,7 +28,11 @@
#ifndef POLARSSL_PK_H
#define POLARSSL_PK_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include "md.h"
@ -57,6 +61,7 @@
#define POLARSSL_ERR_PK_INVALID_ALG -0x2A80 /**< The algorithm tag or value is invalid. */
#define POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE -0x2A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */
#define POLARSSL_ERR_PK_FEATURE_UNAVAILABLE -0x2980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */
#define POLARSSL_ERR_PK_SIG_LEN_MISMATCH -0x2000 /**< The signature is valid but its length is less than expected. */
#if defined(POLARSSL_RSA_C)
@ -94,8 +99,20 @@ typedef enum {
POLARSSL_PK_ECKEY_DH,
POLARSSL_PK_ECDSA,
POLARSSL_PK_RSA_ALT,
POLARSSL_PK_RSASSA_PSS,
} pk_type_t;
/**
* \brief Options for RSASSA-PSS signature verification.
* See \c rsa_rsassa_pss_verify_ext()
*/
typedef struct
{
md_type_t mgf1_hash_id;
int expected_salt_len;
} pk_rsassa_pss_options;
/**
* \brief Types for interfacing with the debug module
*/
@ -234,7 +251,7 @@ int pk_init_ctx( pk_context *ctx, const pk_info_t *info );
* \param key RSA key pointer
* \param decrypt_func Decryption function
* \param sign_func Signing function
* \param key_len_func Function returning key length
* \param key_len_func Function returning key length in bytes
*
* \return 0 on success, or POLARSSL_ERR_PK_BAD_INPUT_DATA if the
* context wasn't already initialized as RSA_ALT.
@ -278,7 +295,7 @@ static inline size_t pk_get_len( const pk_context *ctx )
int pk_can_do( pk_context *ctx, pk_type_t type );
/**
* \brief Verify signature
* \brief Verify signature (including padding if relevant).
*
* \param ctx PK context to use
* \param md_alg Hash algorithm used (see notes)
@ -288,8 +305,14 @@ int pk_can_do( pk_context *ctx, pk_type_t type );
* \param sig_len Signature length
*
* \return 0 on success (signature is valid),
* POLARSSL_ERR_PK_SIG_LEN_MISMATCH if the signature is
* valid but its actual length is less than sig_len,
* or a specific error code.
*
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
* Use \c pk_verify_ext( POLARSSL_PK_RSASSA_PSS, ... )
* to verify RSASSA_PSS signatures.
*
* \note If hash_len is 0, then the length associated with md_alg
* is used instead, or an error returned if it is invalid.
*
@ -300,7 +323,41 @@ int pk_verify( pk_context *ctx, md_type_t md_alg,
const unsigned char *sig, size_t sig_len );
/**
* \brief Make signature
* \brief Verify signature, with options.
* (Includes verification of the padding depending on type.)
*
* \param type Signature type (inc. possible padding type) to verify
* \param options Pointer to type-specific options, or NULL
* \param ctx PK context to use
* \param md_alg Hash algorithm used (see notes)
* \param hash Hash of the message to sign
* \param hash_len Hash length or 0 (see notes)
* \param sig Signature to verify
* \param sig_len Signature length
*
* \return 0 on success (signature is valid),
* POLARSSL_ERR_PK_TYPE_MISMATCH if the PK context can't be
* used for this type of signatures,
* POLARSSL_ERR_PK_SIG_LEN_MISMATCH if the signature is
* valid but its actual length is less than sig_len,
* or a specific error code.
*
* \note If hash_len is 0, then the length associated with md_alg
* is used instead, or an error returned if it is invalid.
*
* \note md_alg may be POLARSSL_MD_NONE, only if hash_len != 0
*
* \note If type is POLARSSL_PK_RSASSA_PSS, then options must point
* to a pk_rsassa_pss_options structure,
* otherwise it must be NULL.
*/
int pk_verify_ext( pk_type_t type, const void *options,
pk_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len );
/**
* \brief Make signature, including padding if relevant.
*
* \param ctx PK context to use
* \param md_alg Hash algorithm used (see notes)
@ -313,6 +370,10 @@ int pk_verify( pk_context *ctx, md_type_t md_alg,
*
* \return 0 on success, or a specific error code.
*
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
* There is no interface in the PK module to make RSASSA-PSS
* signatures yet.
*
* \note If hash_len is 0, then the length associated with md_alg
* is used instead, or an error returned if it is invalid.
*
@ -324,7 +385,7 @@ int pk_sign( pk_context *ctx, md_type_t md_alg,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/**
* \brief Decrypt message
* \brief Decrypt message (including padding if relevant).
*
* \param ctx PK context to use
* \param input Input to decrypt
@ -335,6 +396,8 @@ int pk_sign( pk_context *ctx, md_type_t md_alg,
* \param f_rng RNG function
* \param p_rng RNG parameter
*
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
*
* \return 0 on success, or a specific error code.
*/
int pk_decrypt( pk_context *ctx,
@ -343,7 +406,7 @@ int pk_decrypt( pk_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/**
* \brief Encrypt message
* \brief Encrypt message (including padding if relevant).
*
* \param ctx PK context to use
* \param input Message to encrypt
@ -354,6 +417,8 @@ int pk_decrypt( pk_context *ctx,
* \param f_rng RNG function
* \param p_rng RNG parameter
*
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
*
* \return 0 on success, or a specific error code.
*/
int pk_encrypt( pk_context *ctx,
@ -400,6 +465,12 @@ pk_type_t pk_get_type( const pk_context *ctx );
* \param pwd password for decryption (optional)
* \param pwdlen size of the password
*
* \note On entry, ctx must be empty, either freshly initialised
* with pk_init() or reset with pk_free(). If you need a
* specific key type, check the result with pk_can_do().
*
* \note The key is also checked for correctness.
*
* \return 0 if successful, or a specific PK or PEM error code
*/
int pk_parse_key( pk_context *ctx,
@ -414,6 +485,12 @@ int pk_parse_key( pk_context *ctx,
* \param key input buffer
* \param keylen size of the buffer
*
* \note On entry, ctx must be empty, either freshly initialised
* with pk_init() or reset with pk_free(). If you need a
* specific key type, check the result with pk_can_do().
*
* \note The key is also checked for correctness.
*
* \return 0 if successful, or a specific PK or PEM error code
*/
int pk_parse_public_key( pk_context *ctx,
@ -428,6 +505,12 @@ int pk_parse_public_key( pk_context *ctx,
* \param path filename to read the private key from
* \param password password to decrypt the file (can be NULL)
*
* \note On entry, ctx must be empty, either freshly initialised
* with pk_init() or reset with pk_free(). If you need a
* specific key type, check the result with pk_can_do().
*
* \note The key is also checked for correctness.
*
* \return 0 if successful, or a specific PK or PEM error code
*/
int pk_parse_keyfile( pk_context *ctx,
@ -440,6 +523,12 @@ int pk_parse_keyfile( pk_context *ctx,
* \param ctx key to be initialized
* \param path filename to read the private key from
*
* \note On entry, ctx must be empty, either freshly initialised
* with pk_init() or reset with pk_free(). If you need a
* specific key type, check the result with pk_can_do().
*
* \note The key is also checked for correctness.
*
* \return 0 if successful, or a specific PK or PEM error code
*/
int pk_parse_public_keyfile( pk_context *ctx, const char *path );
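Review bot: `pk_rsassa_pss_options` is introduced without per-field documentation: nothing says which hash `mgf1_hash_id` selects, what unit `expected_salt_len` is in, or whether a value meaning "accept any salt length" exists — and since the salt-length check is part of what makes PSS verification strict, a caller guessing here weakens verification. Suggested field comments: `md_type_t mgf1_hash_id;   /**< Hash used by the MGF1 mask generation function */` and `int expected_salt_len;   /**< Salt length the signature must carry, in bytes */`, plus a sentence on any wildcard value the implementation accepts. The new `POLARSSL_ERR_PK_SIG_LEN_MISMATCH` return on `pk_verify` / `pk_verify_ext` also deserves one line telling callers to treat it as a verification failure unless they deliberately tolerate trailing bytes after the signature, since a "valid but shorter than sig_len" result is exactly the case a length check exists to reject.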


@ -28,7 +28,11 @@
#ifndef POLARSSL_PK_WRAP_H
#define POLARSSL_PK_WRAP_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include "pk.h"


@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -29,7 +29,11 @@
#ifndef POLARSSL_PKCS11_H
#define POLARSSL_PKCS11_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_PKCS11_C)
@ -89,7 +93,8 @@ int pkcs11_priv_key_init( pkcs11_context *priv_key,
void pkcs11_priv_key_free( pkcs11_context *priv_key );
/**
* \brief Do an RSA private key decrypt, then remove the message padding
* \brief Do an RSA private key decrypt, then remove the message
* padding
*
* \param ctx PKCS #11 context
* \param mode must be RSA_PRIVATE, for compatibility with rsa.c's signature
@ -115,8 +120,8 @@ int pkcs11_decrypt( pkcs11_context *ctx,
*
* \param ctx PKCS #11 context
* \param mode must be RSA_PRIVATE, for compatibility with rsa.c's signature
* \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256,384,512}
* \param hashlen message digest length (for SIG_RSA_RAW only)
* \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
* \param hashlen message digest length (for POLARSSL_MD_NONE only)
* \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext
*
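Review bot: The last hunk fixes the `md_alg` and `hashlen` descriptions of the private-key signing function, but the context line `\param sig buffer that will hold the ciphertext` still describes the output as ciphertext; for a signing routine it should read `\param sig buffer that will hold the signature`. The block also never states how large `sig` must be (presumably the key's modulus length, as for the RSA routine it mirrors); one sentence on that would prevent undersized buffers. The doc block begins before this hunk and the function's declaration follows it.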


@ -0,0 +1,128 @@
/**
* \file platform.h
*
* \brief PolarSSL Platform abstraction layer
*
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_PLATFORM_H
#define POLARSSL_PLATFORM_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <stdio.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line.
* \{
*/
#if !defined(POLARSSL_PLATFORM_NO_STD_FUNCTIONS)
#include <stdlib.h>
#if !defined(POLARSSL_PLATFORM_STD_PRINTF)
#define POLARSSL_PLATFORM_STD_PRINTF printf /**< Default printf to use */
#endif
#if !defined(POLARSSL_PLATFORM_STD_FPRINTF)
#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use */
#endif
#if !defined(POLARSSL_PLATFORM_STD_MALLOC)
#define POLARSSL_PLATFORM_STD_MALLOC malloc /**< Default allocator to use */
#endif
#if !defined(POLARSSL_PLATFORM_STD_FREE)
#define POLARSSL_PLATFORM_STD_FREE free /**< Default free to use */
#endif
#else /* POLARSSL_PLATFORM_NO_STD_FUNCTIONS */
#if defined(POLARSSL_PLATFORM_STD_MEM_HDR)
#include POLARSSL_PLATFORM_STD_MEM_HDR
#endif
#endif /* POLARSSL_PLATFORM_NO_STD_FUNCTIONS */
/* \} name SECTION: Module settings */
/*
* The function pointers for malloc and free
*/
#if defined(POLARSSL_PLATFORM_MEMORY)
extern void * (*polarssl_malloc)( size_t len );
extern void (*polarssl_free)( void *ptr );
/**
* \brief Set your own memory implementation function pointers
*
* \param malloc_func the malloc function implementation
* \param free_func the free function implementation
*
* \return 0 if successful
*/
int platform_set_malloc_free( void * (*malloc_func)( size_t ),
void (*free_func)( void * ) );
#else /* POLARSSL_PLATFORM_ENTROPY */
#define polarssl_malloc malloc
#define polarssl_free free
#endif /* POLARSSL_PLATFORM_ENTROPY */
/*
* The function pointers for printf
*/
#if defined(POLARSSL_PLATFORM_PRINTF_ALT)
extern int (*polarssl_printf)( const char *format, ... );
/**
* \brief Set your own printf function pointer
*
* \param printf_func the printf function implementation
*
* \return 0
*/
int platform_set_printf( int (*printf_func)( const char *, ... ) );
#else /* POLARSSL_PLATFORM_PRINTF_ALT */
#define polarssl_printf printf
#endif /* POLARSSL_PLATFORM_PRINTF_ALT */
/*
* The function pointers for fprintf
*/
#if defined(POLARSSL_PLATFORM_FPRINTF_ALT)
extern int (*polarssl_fprintf)( FILE *stream, const char *format, ... );
int platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
... ) );
#else
#define polarssl_fprintf fprintf
#endif
#ifdef __cplusplus
}
#endif
#endif /* platform.h */


@ -1,5 +1,5 @@
/**
* \file rdm160.h
* \file ripemd160.h
*
* \brief RIPE MD-160 message digest
*
@ -27,7 +27,11 @@
#ifndef POLARSSL_RIPEMD160_H
#define POLARSSL_RIPEMD160_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <string.h>
@ -38,7 +42,7 @@ typedef UINT32 uint32_t;
#include <inttypes.h>
#endif
#define POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR -0x0074 /**< Read/write error in file. */
#define POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR -0x007E /**< Read/write error in file. */
#if !defined(POLARSSL_RIPEMD160_ALT)
// Regular implementation
@ -62,6 +66,20 @@ typedef struct
}
ripemd160_context;
/**
* \brief Initialize RIPEMD-160 context
*
* \param ctx RIPEMD-160 context to be initialized
*/
void ripemd160_init( ripemd160_context *ctx );
/**
* \brief Clear RIPEMD-160 context
*
* \param ctx RIPEMD-160 context to be cleared
*/
void ripemd160_free( ripemd160_context *ctx );
/**
* \brief RIPEMD-160 context setup
*
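Review bot: The new `ripemd160_free` is documented only as "Clear RIPEMD-160 context", which leaves open whether the digest state is wiped or merely released, and that distinction is what callers hashing secret material rely on. If the implementation zeroizes (the .c side is not in this section, so confirm), say so in the contract: `\brief Clear RIPEMD-160 context (state is zeroized; re-run ripemd160_init() before reuse)`. The same one-line wording gap applies to the new `sha1_free`, `sha256_free` and `sha512_free` declarations in the sha1.h, sha256.h and sha512.h sections, where it matters more because `sha1_hmac_starts` and friends take a key whose derived state lives in that context. Separately, renumbering `POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR` from -0x0074 to -0x007E is visible to any caller comparing against the old value and deserves a changelog mention.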


@ -3,7 +3,7 @@
*
* \brief The RSA public-key cryptosystem
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
#ifndef POLARSSL_RSA_H
#define POLARSSL_RSA_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include "bignum.h"
#include "md.h"
@ -61,6 +65,8 @@
#define RSA_SIGN 1
#define RSA_CRYPT 2
#define RSA_SALT_LEN_ANY -1
/*
* The above constants may be used even if the RSA module is compile out,
* eg for alternative (PKCS#11) RSA implemenations in the PK layers.
@ -122,11 +128,32 @@ rsa_context;
*
* \note The hash_id parameter is actually ignored
* when using RSA_PKCS_V15 padding.
*
* \note Choice of padding mode is strictly enforced for private key
* operations, since there might be security concerns in
* mixing padding modes. For public key operations it's merely
* a default value, which can be overriden by calling specific
* rsa_rsaes_xxx or rsa_rsassa_xxx functions.
*
* \note The chosen hash is always used for OEAP encryption.
* For PSS signatures, it's always used for making signatures,
* but can be overriden (and always is, if set to
* POLARSSL_MD_NONE) for verifying them.
*/
void rsa_init( rsa_context *ctx,
int padding,
int hash_id);
/**
* \brief Set padding for an already initialized RSA context
* See \c rsa_init() for details.
*
* \param ctx RSA context to be set
* \param padding RSA_PKCS_V15 or RSA_PKCS_V21
* \param hash_id RSA_PKCS_V21 hash identifier
*/
void rsa_set_padding( rsa_context *ctx, int padding, int hash_id);
/**
* \brief Generate an RSA keypair
*
@ -386,11 +413,8 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
* \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*
* \note In case of PKCS#1 v2.1 encoding keep in mind that
* the hash_id in the RSA context is the one used for the
* encoding. hash_id in the function call is the type of hash
* that is encoded. According to RFC 3447 it is advised to
* keep both hashes the same.
* \note In case of PKCS#1 v2.1 encoding, see comments on
* \note \c rsa_rsassa_pss_sign() for details on md_alg and hash_id.
*/
int rsa_pkcs1_sign( rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
@ -447,9 +471,8 @@ int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx,
* \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*
* \note In case of PKCS#1 v2.1 encoding keep in mind that
* the hash_id in the RSA context is the one used for the
* encoding. hash_id in the function call is the type of hash
* \note The hash_id in the RSA context is the one used for the
* encoding. md_alg in the function call is the type of hash
* that is encoded. According to RFC 3447 it is advised to
* keep both hashes the same.
*/
@ -482,11 +505,8 @@ int rsa_rsassa_pss_sign( rsa_context *ctx,
* \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*
* \note In case of PKCS#1 v2.1 encoding keep in mind that
* the hash_id in the RSA context is the one used for the
* verification. hash_id in the function call is the type of hash
* that is verified. According to RFC 3447 it is advised to
* keep both hashes the same.
* \note In case of PKCS#1 v2.1 encoding, see comments on
* \c rsa_rsassa_pss_verify() about md_alg and hash_id.
*/
int rsa_pkcs1_verify( rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
@ -526,6 +546,7 @@ int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx,
/**
* \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
* (This is the "simple" version.)
*
* \param ctx points to an RSA public key
* \param f_rng RNG function (Only needed for RSA_PRIVATE)
@ -542,11 +563,11 @@ int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx,
* \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*
* \note In case of PKCS#1 v2.1 encoding keep in mind that
* the hash_id in the RSA context is the one used for the
* verification. hash_id in the function call is the type of hash
* that is verified. According to RFC 3447 it is advised to
* keep both hashes the same.
* \note The hash_id in the RSA context is the one used for the
* verification. md_alg in the function call is the type of
* hash that is verified. According to RFC 3447 it is advised to
* keep both hashes the same. If hash_id in the RSA context is
* unset, the md_alg from the function call is used.
*/
int rsa_rsassa_pss_verify( rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
@ -557,6 +578,41 @@ int rsa_rsassa_pss_verify( rsa_context *ctx,
const unsigned char *hash,
const unsigned char *sig );
/**
* \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
* (This is the version with "full" options.)
*
* \param ctx points to an RSA public key
* \param f_rng RNG function (Only needed for RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE
* \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
* \param hashlen message digest length (for POLARSSL_MD_NONE only)
* \param hash buffer holding the message digest
* \param mgf1_hash_id message digest used for mask generation
* \param expected_salt_len Length of the salt used in padding, use
* RSA_SALT_LEN_ANY to accept any salt length
* \param sig buffer holding the ciphertext
*
* \return 0 if the verify operation was successful,
* or an POLARSSL_ERR_RSA_XXX error code
*
* \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*
* \note The hash_id in the RSA context is ignored.
*/
int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
md_type_t mgf1_hash_id,
int expected_salt_len,
const unsigned char *sig );
/**
* \brief Copy the components of an RSA context
*
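Review bot: The rewritten note on `rsa_pkcs1_sign` carries a doubled Doxygen tag — `* \note \c rsa_rsassa_pss_sign() for details on md_alg and hash_id.` opens a second `\note` mid-sentence and splits the paragraph; it should read `* \c rsa_rsassa_pss_sign() for details on md_alg and hash_id.`. The new `rsa_init` notes also have `OEAP` for `OAEP` and `overriden` (twice) for `overridden`. On `rsa_rsassa_pss_verify` the new text states that an unset context hash_id lets the caller's md_alg drive the MGF1 hash; it would help to spell out the consequence, namely that the hash is then no longer pinned by the key context, so callers enforcing a fixed policy should prefer the new `rsa_rsassa_pss_verify_ext` with an explicit `mgf1_hash_id` and a concrete `expected_salt_len` rather than `RSA_SALT_LEN_ANY`.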


@ -3,7 +3,7 @@
*
* \brief SHA-1 cryptographic hash function
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
#ifndef POLARSSL_SHA1_H
#define POLARSSL_SHA1_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <string.h>
@ -62,6 +66,20 @@ typedef struct
}
sha1_context;
/**
* \brief Initialize SHA-1 context
*
* \param ctx SHA-1 context to be initialized
*/
void sha1_init( sha1_context *ctx );
/**
* \brief Clear SHA-1 context
*
* \param ctx SHA-1 context to be cleared
*/
void sha1_free( sha1_context *ctx );
/**
* \brief SHA-1 context setup
*
@ -127,7 +145,8 @@ int sha1_file( const char *path, unsigned char output[20] );
* \param key HMAC secret key
* \param keylen length of the HMAC key
*/
void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen );
void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key,
size_t keylen );
/**
* \brief SHA-1 HMAC process buffer
@ -136,7 +155,8 @@ void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keyle
* \param input buffer holding the data
* \param ilen length of the input data
*/
void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen );
void sha1_hmac_update( sha1_context *ctx, const unsigned char *input,
size_t ilen );
/**
* \brief SHA-1 HMAC final digest


@ -3,7 +3,7 @@
*
* \brief SHA-224 and SHA-256 cryptographic hash function
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
#ifndef POLARSSL_SHA256_H
#define POLARSSL_SHA256_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <string.h>
@ -63,6 +67,20 @@ typedef struct
}
sha256_context;
/**
* \brief Initialize SHA-256 context
*
* \param ctx SHA-256 context to be initialized
*/
void sha256_init( sha256_context *ctx );
/**
* \brief Clear SHA-256 context
*
* \param ctx SHA-256 context to be cleared
*/
void sha256_free( sha256_context *ctx );
/**
* \brief SHA-256 context setup
*
@ -78,7 +96,8 @@ void sha256_starts( sha256_context *ctx, int is224 );
* \param input buffer holding the data
* \param ilen length of the input data
*/
void sha256_update( sha256_context *ctx, const unsigned char *input, size_t ilen );
void sha256_update( sha256_context *ctx, const unsigned char *input,
size_t ilen );
/**
* \brief SHA-256 final digest
@ -143,7 +162,8 @@ void sha256_hmac_starts( sha256_context *ctx, const unsigned char *key,
* \param input buffer holding the data
* \param ilen length of the input data
*/
void sha256_hmac_update( sha256_context *ctx, const unsigned char *input, size_t ilen );
void sha256_hmac_update( sha256_context *ctx, const unsigned char *input,
size_t ilen );
/**
* \brief SHA-256 HMAC final digest


@ -3,7 +3,7 @@
*
* \brief SHA-384 and SHA-512 cryptographic hash function
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
#ifndef POLARSSL_SHA512_H
#define POLARSSL_SHA512_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <string.h>
@ -64,6 +68,20 @@ typedef struct
}
sha512_context;
/**
* \brief Initialize SHA-512 context
*
* \param ctx SHA-512 context to be initialized
*/
void sha512_init( sha512_context *ctx );
/**
* \brief Clear SHA-512 context
*
* \param ctx SHA-512 context to be cleared
*/
void sha512_free( sha512_context *ctx );
/**
* \brief SHA-512 context setup
*
@ -79,7 +97,8 @@ void sha512_starts( sha512_context *ctx, int is384 );
* \param input buffer holding the data
* \param ilen length of the input data
*/
void sha512_update( sha512_context *ctx, const unsigned char *input, size_t ilen );
void sha512_update( sha512_context *ctx, const unsigned char *input,
size_t ilen );
/**
* \brief SHA-512 final digest
@ -141,7 +160,8 @@ void sha512_hmac_starts( sha512_context *ctx, const unsigned char *key,
* \param input buffer holding the data
* \param ilen length of the input data
*/
void sha512_hmac_update( sha512_context *ctx, const unsigned char *input, size_t ilen );
void sha512_hmac_update( sha512_context *ctx, const unsigned char *input,
size_t ilen );
/**
* \brief SHA-512 HMAC final digest


@ -3,7 +3,7 @@
*
* \brief SSL/TLS functions.
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,9 +27,14 @@
#ifndef POLARSSL_SSL_H
#define POLARSSL_SSL_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include "net.h"
#include "bignum.h"
#include "ecp.h"
#include "ssl_ciphersuites.h"
@ -83,6 +88,12 @@
#define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED
#endif
#if defined(_MSC_VER) && !defined(inline)
#define inline _inline
#else
@ -131,8 +142,9 @@
#define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Processing of the NewSessionTicket handshake message failed. */
#define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */
#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unkown identity received (eg, PSK identity) */
#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unknown identity received (eg, PSK identity) */
#define POLARSSL_ERR_SSL_INTERNAL_ERROR -0x6C00 /**< Internal error (eg, unexpected failure in lower-level module) */
#define POLARSSL_ERR_SSL_COUNTER_WRAPPING -0x6B80 /**< A counter would wrap (eg, too many messages exchanged). */
/*
* Various constants
@ -157,10 +169,10 @@
#else
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
#define SSL_MIN_MINOR_VERSION SSL_MINOR_VERSION_3
#endif
#endif
#endif
#endif
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
#endif /* POLARSSL_SSL_PROTO_TLS1_1 */
#endif /* POLARSSL_SSL_PROTO_TLS1 */
#endif /* POLARSSL_SSL_PROTO_SSL3 */
/* Determine maximum supported version */
#define SSL_MAX_MAJOR_VERSION SSL_MAJOR_VERSION_3
@ -176,10 +188,10 @@
#else
#if defined(POLARSSL_SSL_PROTO_SSL3)
#define SSL_MAX_MINOR_VERSION SSL_MINOR_VERSION_0
#endif
#endif
#endif
#endif
#endif /* POLARSSL_SSL_PROTO_SSL3 */
#endif /* POLARSSL_SSL_PROTO_TLS1 */
#endif /* POLARSSL_SSL_PROTO_TLS1_1 */
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
* NONE must be zero so that memset()ing structure to zero works */
@ -210,6 +222,9 @@
#define SSL_RENEGOTIATION_DISABLED 0
#define SSL_RENEGOTIATION_ENABLED 1
#define SSL_RENEGOTIATION_NOT_ENFORCED -1
#define SSL_RENEGO_MAX_RECORDS_DEFAULT 16
#define SSL_LEGACY_NO_RENEGOTIATION 0
#define SSL_LEGACY_ALLOW_RENEGOTIATION 1
#define SSL_LEGACY_BREAK_HANDSHAKE 2
@ -221,24 +236,36 @@
#define SSL_SESSION_TICKETS_DISABLED 0
#define SSL_SESSION_TICKETS_ENABLED 1
#if !defined(POLARSSL_CONFIG_OPTIONS)
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line.
* \{
*/
#if !defined(SSL_DEFAULT_TICKET_LIFETIME)
#define SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
#endif /* !POLARSSL_CONFIG_OPTIONS */
#endif
/*
* Size of the input / output buffer.
* Note: the RFC defines the default size of SSL / TLS messages. If you
* change the value here, other clients / servers may not be able to
* communicate with you anymore. Only change this value if you control
* both sides of the connection and have it reduced at both sides!
* both sides of the connection and have it reduced at both sides, or
* if you're using the Max Fragment Length extension and you know all your
* peers are using it too!
*/
#if !defined(POLARSSL_CONFIG_OPTIONS)
#if !defined(SSL_MAX_CONTENT_LEN)
#define SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
#endif /* !POLARSSL_CONFIG_OPTIONS */
#endif
/* \} name SECTION: Module settings */
/*
* Allow an extra 301 bytes for the record header
* and encryption overhead: counter (8) + header (5) + MAC (32) + padding (256)
* Allow extra bytes for record, authentication and encryption overhead:
* counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
* and allow for a maximum of 1024 of compression expansion if
* enabled.
*/
@ -248,8 +275,36 @@
#define SSL_COMPRESSION_ADD 0
#endif
#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 301)
#if defined(POLARSSL_RC4_C) || defined(POLARSSL_CIPHER_MODE_CBC)
/* Ciphersuites using HMAC */
#if defined(POLARSSL_SHA512_C)
#define SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
#elif defined(POLARSSL_SHA256_C)
#define SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
#else
#define SSL_MAC_ADD 20 /* SHA-1 used for HMAC */
#endif
#else
/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
#define SSL_MAC_ADD 16
#endif
#if defined(POLARSSL_CIPHER_MODE_CBC)
#define SSL_PADDING_ADD 256
#else
#define SSL_PADDING_ADD 0
#endif
#define SSL_BUFFER_LEN ( SSL_MAX_CONTENT_LEN \
+ SSL_COMPRESSION_ADD \
+ 29 /* counter + header + IV */ \
+ SSL_MAC_ADD \
+ SSL_PADDING_ADD \
)
/*
* Signaling ciphersuite values (SCSV)
*/
#define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */
/*
@ -313,6 +368,7 @@
#define SSL_ALERT_MSG_UNSUPPORTED_EXT 110 /* 0x6E */
#define SSL_ALERT_MSG_UNRECOGNIZED_NAME 112 /* 0x70 */
#define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115 /* 0x73 */
#define SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
#define SSL_HS_HELLO_REQUEST 0
#define SSL_HS_CLIENT_HELLO 1
@ -341,6 +397,8 @@
#define TLS_EXT_SIG_ALG 13
#define TLS_EXT_ALPN 16
#define TLS_EXT_SESSION_TICKET 35
#define TLS_EXT_RENEGOTIATION_INFO 0xFF01
@ -355,12 +413,43 @@
/*
* Size defines
*/
#if !defined(POLARSSL_MPI_MAX_SIZE)
#define POLARSSL_PREMASTER_SIZE 512
#else
#define POLARSSL_PREMASTER_SIZE POLARSSL_MPI_MAX_SIZE
#if !defined(POLARSSL_PSK_MAX_LEN)
#define POLARSSL_PSK_MAX_LEN 32 /* 256 bits */
#endif
/* Dummy type used only for its size */
union _ssl_premaster_secret
{
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
unsigned char _pms_dhm[POLARSSL_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
unsigned char _pms_ecdh[POLARSSL_ECP_MAX_BYTES]; /* RFC 4492 5.10 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
unsigned char _pms_psk[4 + 2 * POLARSSL_PSK_MAX_LEN]; /* RFC 4279 2 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
unsigned char _pms_dhe_psk[4 + POLARSSL_MPI_MAX_SIZE
+ POLARSSL_PSK_MAX_LEN]; /* RFC 4279 3 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
unsigned char _pms_rsa_psk[52 + POLARSSL_PSK_MAX_LEN]; /* RFC 4279 4 */
#endif
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
unsigned char _pms_ecdhe_psk[4 + POLARSSL_ECP_MAX_BYTES
+ POLARSSL_PSK_MAX_LEN]; /* RFC 5489 2 */
#endif
};
#define POLARSSL_PREMASTER_SIZE sizeof( union _ssl_premaster_secret )
#ifdef __cplusplus
extern "C" {
#endif
@ -498,7 +587,7 @@ struct _ssl_handshake_params
/*
* Handshake specific crypto variables
*/
int sig_alg; /*!< Signature algorithm */
int sig_alg; /*!< Hash algorithm for signature */
int cert_type; /*!< Requested cert type */
int verify_sig_alg; /*!< Signature algorithm for verify */
#if defined(POLARSSL_DHM_C)
@ -521,7 +610,7 @@ struct _ssl_handshake_params
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
#endif
#endif
#endif /* POLARSSL_X509_CRT_PARSE_C */
/*
* Checksum contexts
@ -596,6 +685,7 @@ struct _ssl_context
*/
int state; /*!< SSL handshake: current state */
int renegotiation; /*!< Initial or renegotiation */
int renego_records_seen; /*!< Records since renego request */
int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
@ -720,7 +810,11 @@ struct _ssl_context
int verify_result; /*!< verification result */
int disable_renegotiation; /*!< enable/disable renegotiation */
int allow_legacy_renegotiation; /*!< allow legacy renegotiation */
int renego_max_records; /*!< grace period for renegotiation */
const int *ciphersuite_list[4]; /*!< allowed ciphersuites / version */
#if defined(POLARSSL_SSL_SET_CURVES)
const ecp_group_id *curve_list; /*!< allowed curves */
#endif
#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
int trunc_hmac; /*!< negotiate truncated hmac? */
#endif
@ -752,6 +846,14 @@ struct _ssl_context
size_t hostname_len;
#endif
#if defined(POLARSSL_SSL_ALPN)
/*
* ALPN extension
*/
const char **alpn_list; /*!< ordered list of supported protocols */
const char *alpn_chosen; /*!< negotiated protocol */
#endif
/*
* Secure renegotiation
*/
@ -779,7 +881,7 @@ extern int (*ssl_hw_record_reset)(ssl_context *ssl);
extern int (*ssl_hw_record_write)(ssl_context *ssl);
extern int (*ssl_hw_record_read)(ssl_context *ssl);
extern int (*ssl_hw_record_finish)(ssl_context *ssl);
#endif
#endif /* POLARSSL_SSL_HW_RECORD_ACCEL */
/**
* \brief Returns the list of ciphersuites supported by the SSL/TLS module.
@ -790,8 +892,8 @@ extern int (*ssl_hw_record_finish)(ssl_context *ssl);
const int *ssl_list_ciphersuites( void );
/**
* \brief Return the name of the ciphersuite associated with the given
* ID
* \brief Return the name of the ciphersuite associated with the
* given ID
*
* \param ciphersuite_id SSL ciphersuite ID
*
@ -800,8 +902,8 @@ const int *ssl_list_ciphersuites( void );
const char *ssl_get_ciphersuite_name( const int ciphersuite_id );
/**
* \brief Return the ID of the ciphersuite associated with the given
* name
* \brief Return the ID of the ciphersuite associated with the
* given name
*
* \param ciphersuite_name SSL ciphersuite name
*
@ -859,6 +961,12 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint );
*
* SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
* handshake is aborted if verification failed.
*
* \note On client, SSL_VERIFY_REQUIRED is the recommended mode.
* With SSL_VERIFY_OPTIONAL, the user needs to call ssl_get_verify_result() at
* the right time(s), which may not be obvious, while REQUIRED always perform
* the verification as soon as possible. For example, REQUIRED was protecting
* against the "triple handshake" attack even before it was found.
*/
void ssl_set_authmode( ssl_context *ssl, int authmode );
@ -1043,6 +1151,9 @@ int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
* up your certificate chain. The top certificate (self-signed)
* can be omitted.
*
* \warning This backwards-compatibility function is deprecated!
* Please use \c ssl_set_own_cert() instead.
*
* \param ssl SSL context
* \param own_cert own public certificate chain
* \param rsa_key own private RSA key
@ -1065,6 +1176,10 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
* up your certificate chain. The top certificate (self-signed)
* can be omitted.
*
* \warning This backwards-compatibility function is deprecated!
* Please use \c pk_init_ctx_rsa_alt()
* and \c ssl_set_own_cert() instead.
*
* \param ssl SSL context
* \param own_cert own public certificate chain
* \param rsa_key alternate implementation private RSA key
@ -1102,7 +1217,7 @@ int ssl_set_psk( ssl_context *ssl, const unsigned char *psk, size_t psk_len,
*
* If set, the PSK callback is called for each
* handshake where a PSK ciphersuite was negotiated.
* The callback provides the identity received and wants to
* The caller provides the identity received and wants to
* receive the actual PSK data and length.
*
* The callback has the following parameters: (void *parameter,
@ -1147,7 +1262,29 @@ int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G );
* \return 0 if successful
*/
int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
#endif
#endif /* POLARSSL_DHM_C */
#if defined(POLARSSL_SSL_SET_CURVES)
/**
* \brief Set the allowed curves in order of preference.
* (Default: all defined curves.)
*
* On server: this only affects selection of the ECDHE curve;
* the curves used for ECDH and ECDSA are determined by the
* list of available certificates instead.
*
* On client: this affects the list of curves offered for any
* use. The server can override our preference order.
*
* Both sides: limits the set of curves used by peer to the
* listed curves for any use (ECDH(E), certificates).
*
* \param ssl SSL context
* \param curves Ordered list of allowed curves,
* terminated by POLARSSL_ECP_DP_NONE.
*/
void ssl_set_curves( ssl_context *ssl, const ecp_group_id *curves );
#endif /* POLARSSL_SSL_SET_CURVES */
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
/**
@ -1187,6 +1324,30 @@ void ssl_set_sni( ssl_context *ssl,
void *p_sni );
#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
#if defined(POLARSSL_SSL_ALPN)
/**
* \brief Set the supported Application Layer Protocols.
*
* \param ssl SSL context
* \param protos NULL-terminated list of supported protocols,
* in decreasing preference order.
*
* \return 0 on success, or POLARSSL_ERR_SSL_BAD_INPUT_DATA.
*/
int ssl_set_alpn_protocols( ssl_context *ssl, const char **protos );
/**
* \brief Get the name of the negotiated Application Layer Protocol.
* This function should be called after the handshake is
* completed.
*
* \param ssl SSL context
*
* \return Protcol name, or NULL if no protocol was negotiated.
*/
const char *ssl_get_alpn_protocol( const ssl_context *ssl );
#endif /* POLARSSL_SSL_ALPN */
/**
* \brief Set the maximum supported version sent from the client side
* and/or accepted at the server side
@ -1327,6 +1488,33 @@ void ssl_set_renegotiation( ssl_context *ssl, int renegotiation );
*/
void ssl_legacy_renegotiation( ssl_context *ssl, int allow_legacy );
/**
* \brief Enforce server-requested renegotiation.
* (Default: enforced, max_records = 16)
* (No effect on client.)
*
* When a server requests a renegotiation, the client can
* comply or ignore the request. This function allows the
* server to decide if it should enforce its renegotiation
* requests by closing the connection if the client doesn't
* initiate a renegotiation.
*
* However, records could already be in transit from the
* client to the server when the request is emitted. In order
* to increase reliability, the server can accept a number of
* records containing application data before the ClientHello
* that was requested.
*
* The optimal value is highly dependent on the specific usage
* scenario.
*
* \param ssl SSL context
* \param max_records Use SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
* enforce renegotiation, or a non-negative value to enforce
* it but allow for a grace period of max_records records.
*/
void ssl_set_renegotiation_enforced( ssl_context *ssl, int max_records );
/**
* \brief Return the number of data bytes available to read
*
@ -1494,6 +1682,13 @@ int ssl_close_notify( ssl_context *ssl );
*/
void ssl_free( ssl_context *ssl );
/**
* \brief Initialize SSL session structure
*
* \param session SSL session
*/
void ssl_session_init( ssl_session *session );
/**
* \brief Free referenced items in an SSL session including the
* peer certificate and clear memory
@ -1548,7 +1743,8 @@ int ssl_write_change_cipher_spec( ssl_context *ssl );
int ssl_parse_finished( ssl_context *ssl );
int ssl_write_finished( ssl_context *ssl );
void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info );
void ssl_optimize_checksum( ssl_context *ssl,
const ssl_ciphersuite_t *ciphersuite_info );
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
int ssl_psk_derive_premaster( ssl_context *ssl, key_exchange_type_t key_ex );
@ -1561,6 +1757,10 @@ pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
md_type_t ssl_md_alg_from_hash( unsigned char hash );
#if defined(POLARSSL_SSL_SET_CURVES)
int ssl_curve_is_acceptable( const ssl_context *ssl, ecp_group_id grp_id );
#endif
#if defined(POLARSSL_X509_CRT_PARSE_C)
static inline pk_context *ssl_own_key( ssl_context *ssl )
{
@ -1573,6 +1773,19 @@ static inline x509_crt *ssl_own_cert( ssl_context *ssl )
return( ssl->handshake->key_cert == NULL ? NULL
: ssl->handshake->key_cert->cert );
}
/*
* Check usage of a certificate wrt extensions:
* keyUsage, extendedKeyUsage (later), and nSCertType (later).
*
* Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
* check a cert we received from them)!
*
* Return 0 if everything is OK, -1 if not.
*/
int ssl_check_cert_usage( const x509_crt *cert,
const ssl_ciphersuite_t *ciphersuite,
int cert_endpoint );
#endif /* POLARSSL_X509_CRT_PARSE_C */
/* constant-time buffer comparison */
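Review bot: The guard on the `_pms_ecdhe_psk` member of `union _ssl_premaster_secret` tests `POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED`, the same macro that already guards `_pms_dhe_psk` a few lines above; it should be `#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)`, the macro the new `POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED` block earlier in this file already uses. In a build with ECDHE-PSK enabled and DHE-PSK disabled the member is simply absent, and since `POLARSSL_PREMASTER_SIZE` is now `sizeof` this union, the buffer sized from it may be smaller than the ECDHE-PSK premaster layout the handshake code writes — a potential overflow rather than a cosmetic slip, although whether the writer bounds against the size is not visible in this section. The reminder in ssl_ciphersuites.h to update `_ssl_premaster_secret` when adding a key exchange makes this union the single source of truth for that size, so the guard is worth fixing before the next key-exchange addition copies it.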


@ -33,10 +33,23 @@
#include "threading.h"
#endif
#if !defined(POLARSSL_CONFIG_OPTIONS)
/**
* \name SECTION: Module settings
*
* The configuration options you can set for this module are in this section.
* Either change them in config.h or define them on the compiler command line.
* \{
*/
#if !defined(SSL_CACHE_DEFAULT_TIMEOUT)
#define SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day */
#endif
#if !defined(SSL_CACHE_DEFAULT_MAX_ENTRIES)
#define SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /*!< Maximum entries in cache */
#endif /* !POLARSSL_CONFIG_OPTIONS */
#endif
/* \} name SECTION: Module settings */
#ifdef __cplusplus
extern "C" {
@ -106,7 +119,7 @@ int ssl_cache_set( void *data, const ssl_session *session );
* A timeout of 0 indicates no timeout.
*
* \param cache SSL cache context
* \param timeout cache entry timeout
* \param timeout cache entry timeout in seconds
*/
void ssl_cache_set_timeout( ssl_cache_context *cache, int timeout );
#endif /* POLARSSL_HAVE_TIME */
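Review bot: The clarified `\param timeout cache entry timeout in seconds` still leaves negative values unspecified, while the sentence above it only says `A timeout of 0 indicates no timeout.`; either state what the implementation does with a negative value (not visible here) or mark it as invalid in the doc, e.g. `\param timeout cache entry timeout in seconds (0 = no timeout; negative values are not allowed)`.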


@ -210,6 +210,30 @@ extern "C" {
#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< Not in SSL3! */
#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< Not in SSL3! */
#define TLS_RSA_WITH_AES_128_CCM 0xC09C /**< TLS 1.2 */
#define TLS_RSA_WITH_AES_256_CCM 0xC09D /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F /**< TLS 1.2 */
#define TLS_RSA_WITH_AES_128_CCM_8 0xC0A0 /**< TLS 1.2 */
#define TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2 /**< TLS 1.2 */
#define TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 /**< TLS 1.2 */
#define TLS_PSK_WITH_AES_128_CCM 0xC0A4 /**< TLS 1.2 */
#define TLS_PSK_WITH_AES_256_CCM 0xC0A5 /**< TLS 1.2 */
#define TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6 /**< TLS 1.2 */
#define TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7 /**< TLS 1.2 */
#define TLS_PSK_WITH_AES_128_CCM_8 0xC0A8 /**< TLS 1.2 */
#define TLS_PSK_WITH_AES_256_CCM_8 0xC0A9 /**< TLS 1.2 */
#define TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA /**< TLS 1.2 */
#define TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB /**< TLS 1.2 */
/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /**< TLS 1.2 */
#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /**< TLS 1.2 */
/* Reminder: update _ssl_premaster_secret when adding a new key exchange */
typedef enum {
POLARSSL_KEY_EXCHANGE_NONE = 0,
POLARSSL_KEY_EXCHANGE_RSA,
@ -227,6 +251,8 @@ typedef enum {
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
#define POLARSSL_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
#define POLARSSL_CIPHERSUITE_SHORT_TAG 0x02 /**< Short authentication tag,
eg for CCM_8 */
/**
* \brief This structure is used for storing ciphersuite information
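Review bot: The comment `/* The last two are named with PSK_DHE in the RFC, which looks like a typo */` sits below the `TLS_DHE_PSK_WITH_AES_*_CCM_8` lines it explains and directly above the new ECDHE_ECDSA block, so it reads as if it refers to the entries that follow; move it above `TLS_DHE_PSK_WITH_AES_128_CCM_8`, or reword it to `The two DHE_PSK *_CCM_8 suites above are named PSK_DHE in the RFC`. The new `POLARSSL_CIPHERSUITE_SHORT_TAG` flag also deserves a security caveat in its doc comment, since the `_8` suffix denotes an 8-byte (64-bit) authentication tag and an application enumerating suites from this header may want to exclude flagged ones: `/**< Short (8-byte) authentication tag, eg for CCM_8; weaker forgery resistance than the 16-byte default */`. Whether the default suite selection consults this flag is not visible in this hunk.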


@ -27,7 +27,11 @@
#ifndef POLARSSL_THREADING_H
#define POLARSSL_THREADING_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <stdlib.h>


@ -3,7 +3,7 @@
*
* \brief Portable interface to the CPU cycle counter
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,6 +27,16 @@
#ifndef POLARSSL_TIMING_H
#define POLARSSL_TIMING_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if !defined(POLARSSL_TIMING_ALT)
// Regular implementation
//
#ifdef __cplusplus
extern "C" {
#endif
@ -68,8 +78,21 @@ void set_alarm( int seconds );
*/
void m_sleep( int milliseconds );
#if defined(POLARSSL_SELF_TEST)
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if a test failed
*/
int timing_self_test( int verbose );
#endif
#ifdef __cplusplus
}
#endif
#else /* POLARSSL_TIMING_ALT */
#include "timing_alt.h"
#endif /* POLARSSL_TIMING_ALT */
#endif /* timing.h */


@ -3,7 +3,7 @@
*
* \brief Run-time version information
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -31,7 +31,11 @@
#ifndef POLARSSL_VERSION_H
#define POLARSSL_VERSION_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
/**
* The version number x.y.z is split into three parts.
@ -39,16 +43,16 @@
*/
#define POLARSSL_VERSION_MAJOR 1
#define POLARSSL_VERSION_MINOR 3
#define POLARSSL_VERSION_PATCH 4
#define POLARSSL_VERSION_PATCH 8
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
#define POLARSSL_VERSION_NUMBER 0x01030400
#define POLARSSL_VERSION_STRING "1.3.4"
#define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.3.4"
#define POLARSSL_VERSION_NUMBER 0x01030800
#define POLARSSL_VERSION_STRING "1.3.8"
#define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.3.8"
#if defined(POLARSSL_VERSION_C)
@ -75,11 +79,32 @@ void version_get_string( char *string );
/**
* Get the full version string ("PolarSSL x.y.z").
*
* \param string The string that will receive the value.
* (Should be at least 18 bytes in size)
* \param string The string that will receive the value. The PolarSSL version
* string will use 18 bytes AT MOST including a terminating
* null byte.
* (So the buffer should be at least 18 bytes to receive this
* version string).
*/
void version_get_string_full( char *string );
/**
* \brief Check if support for a feature was compiled into this
* PolarSSL binary. This allows you to see at runtime if the
* library was for instance compiled with or without
* Multi-threading support.
*
* Note: only checks against defines in the sections "System
* support", "PolarSSL modules" and "PolarSSL feature
* support" in config.h
*
* \param feature The string for the define to check (e.g. "POLARSSL_AES_C")
*
* \return 0 if the feature is present, -1 if the feature is not
* present and -2 if support for feature checking as a whole
* was not compiled in.
*/
int version_check_feature( const char *feature );
#ifdef __cplusplus
}
#endif


@ -3,7 +3,7 @@
*
* \brief X.509 generic defines and structures
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
#ifndef POLARSSL_X509_H
#define POLARSSL_X509_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include "asn1.h"
#include "pk.h"
@ -78,6 +82,8 @@
#define BADCERT_MISSING 0x40 /**< Certificate was missing. */
#define BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
#define BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */
#define BADCERT_FUTURE 0x0200 /**< The certificate validity starts in the future. */
#define BADCRL_FUTURE 0x0400 /**< The CRL is from the future */
/* \} name */
/* \} addtogroup x509_module */
@ -108,24 +114,27 @@
/*
* X.509 extension types
*
* Comments refer to the status for using certificates. Status can be
* different for writing certificates or reading CRLs or CSRs.
*/
#define EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
#define EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
#define EXT_KEY_USAGE (1 << 2)
#define EXT_KEY_USAGE (1 << 2) /* Parsed but not used */
#define EXT_CERTIFICATE_POLICIES (1 << 3)
#define EXT_POLICY_MAPPINGS (1 << 4)
#define EXT_SUBJECT_ALT_NAME (1 << 5)
#define EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */
#define EXT_ISSUER_ALT_NAME (1 << 6)
#define EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
#define EXT_BASIC_CONSTRAINTS (1 << 8)
#define EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */
#define EXT_NAME_CONSTRAINTS (1 << 9)
#define EXT_POLICY_CONSTRAINTS (1 << 10)
#define EXT_EXTENDED_KEY_USAGE (1 << 11)
#define EXT_EXTENDED_KEY_USAGE (1 << 11) /* Parsed but not used */
#define EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
#define EXT_INIHIBIT_ANYPOLICY (1 << 13)
#define EXT_FRESHEST_CRL (1 << 14)
#define EXT_NS_CERT_TYPE (1 << 16)
#define EXT_NS_CERT_TYPE (1 << 16) /* Parsed (and then ?) */
/*
* Storage format identifiers
@ -207,6 +216,8 @@ int x509_serial_gets( char *buf, size_t size, const x509_buf *serial );
/**
* \brief Give an known OID, return its descriptive string.
* (Deprecated. Use oid_get_extended_key_usage() instead.)
* Warning: only works for extended_key_usage OIDs!
*
* \param oid buffer containing the oid
*
@ -223,22 +234,33 @@ const char *x509_oid_get_description( x509_buf *oid );
* \param size Maximum size of buffer
* \param oid Buffer containing the OID
*
* \return The amount of data written to the buffer, or -1 in
* case of an error.
* \return Length of the string written (excluding final NULL) or
* POLARSSL_ERR_OID_BUF_TO_SMALL in case of error
*/
int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
/**
* \brief Check a given x509_time against the system time and check
* if it is valid.
* if it is not expired.
*
* \param time x509_time to check
*
* \return Return 0 if the x509_time is still valid,
* or 1 otherwise.
* \return 0 if the x509_time is still valid,
* 1 otherwise.
*/
int x509_time_expired( const x509_time *time );
/**
* \brief Check a given x509_time against the system time and check
* if it is not from the future.
*
* \param time x509_time to check
*
* \return 0 if the x509_time is already valid,
* 1 otherwise.
*/
int x509_time_future( const x509_time *time );
/**
* \brief Checkup routine
*
@ -254,9 +276,17 @@ int x509_get_name( unsigned char **p, const unsigned char *end,
x509_name *cur );
int x509_get_alg_null( unsigned char **p, const unsigned char *end,
x509_buf *alg );
int x509_get_alg( unsigned char **p, const unsigned char *end,
x509_buf *alg, x509_buf *params );
#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
int x509_get_rsassa_pss_params( const x509_buf *params,
md_type_t *md_alg, md_type_t *mgf_md,
int *salt_len );
#endif
int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig );
int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
pk_type_t *pk_alg );
int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
md_type_t *md_alg, pk_type_t *pk_alg,
void **sig_opts );
int x509_get_time( unsigned char **p, const unsigned char *end,
x509_time *time );
int x509_get_serial( unsigned char **p, const unsigned char *end,
@ -264,9 +294,14 @@ int x509_get_serial( unsigned char **p, const unsigned char *end,
int x509_get_ext( unsigned char **p, const unsigned char *end,
x509_buf *ext, int tag );
int x509_load_file( const char *path, unsigned char **buf, size_t *n );
int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid,
pk_type_t pk_alg, md_type_t md_alg,
const void *sig_opts );
int x509_key_size_helper( char *buf, size_t size, const char *name );
int x509_string_to_names( asn1_named_data **head, const char *name );
int x509_set_extension( asn1_named_data **head, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len );
int x509_set_extension( asn1_named_data **head, const char *oid, size_t oid_len,
int critical, const unsigned char *val,
size_t val_len );
int x509_write_extensions( unsigned char **p, unsigned char *start,
asn1_named_data *first );
int x509_write_names( unsigned char **p, unsigned char *start,
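Review bot: `x509_oid_get_numeric_string` now returns `POLARSSL_ERR_OID_BUF_TO_SMALL` where it previously returned -1, so any caller in the embedding tree that tests `ret == -1` rather than `ret < 0` silently stops detecting truncation; worth grepping for before this lands. The new status comments on the extension list also look stale against the other headers in this commit: `EXT_KEY_USAGE` is marked `/* Parsed but not used */`, yet x509_crt.h documents that `x509_crt_verify()` checks keyUsage on CA certificates and adds `x509_crt_check_key_usage()` for leaves; suggest `/* Parsed; checked for CAs in x509_crt_verify(), for leaves via x509_crt_check_key_usage() */`. Finally, `x509_time_future` is documented as returning 0 when the time `is already valid`, the mirror image of `x509_time_expired`; a one-line note that it backs the new `BADCERT_FUTURE`/`BADCRL_FUTURE` flags would tie the two additions together (that linkage is inferred, not shown here).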


@ -27,7 +27,11 @@
#ifndef POLARSSL_X509_CRL_H
#define POLARSSL_X509_CRL_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include "x509.h"
@ -71,7 +75,7 @@ typedef struct _x509_crl
x509_buf raw; /**< The raw certificate data (DER). */
x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
int version;
int version; /**< CRL version (1=v1, 2=v2) */
x509_buf sig_oid1;
x509_buf issuer_raw; /**< The raw issuer data (DER). */
@ -88,7 +92,8 @@ typedef struct _x509_crl
x509_buf sig_oid2;
x509_buf sig;
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), e.g. for RSASSA-PSS */
struct _x509_crl *next;
}
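Review bot: The new `sig_opts` member is a bare `void *` with no statement of ownership, and since the parser that fills it and the free routine that should release it are both outside this hunk, a reader cannot tell whether `x509_crl_free()` must free it or whether it aliases static data. Suggest `/**< Signature options passed to pk_verify_ext(), e.g. for RSASSA-PSS; allocated by the parser and released by x509_crl_free() */`, adjusted to whatever the implementation actually does. The same `sig_opts` field is added to x509_crt and x509_csr in this commit and wants the same ownership note.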


@ -27,7 +27,11 @@
#ifndef POLARSSL_X509_CRT_H
#define POLARSSL_X509_CRT_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include "x509.h"
@ -55,7 +59,7 @@ typedef struct _x509_crt
x509_buf raw; /**< The raw certificate data (DER). */
x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
int version; /**< The X.509 version. (0=v1, 1=v2, 2=v3) */
int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
x509_buf sig_oid1; /**< Signature algorithm, e.g. sha1RSA */
@ -72,23 +76,24 @@ typedef struct _x509_crt
x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
x509_buf v3_ext; /**< Optional X.509 v3 extensions. Only Basic Contraints are supported at this time. */
x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName supported). */
int ext_types; /**< Bit string containing detected and parsed extensions */
int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
unsigned char key_usage; /**< Optional key usage extension value: See the values below */
unsigned char key_usage; /**< Optional key usage extension value: See the values in x509.h */
x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values below */
unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oid1. */
x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), e.g. for RSASSA-PSS */
struct _x509_crt *next; /**< Next certificate in the CA-chain. */
}
@ -244,6 +249,44 @@ int x509_crt_verify( x509_crt *crt,
int (*f_vrfy)(void *, x509_crt *, int, int *),
void *p_vrfy );
#if defined(POLARSSL_X509_CHECK_KEY_USAGE)
/**
* \brief Check usage of certificate against keyUsage extension.
*
* \param crt Leaf certificate used.
* \param usage Intended usage(s) (eg KU_KEY_ENCIPHERMENT before using the
* certificate to perform an RSA key exchange).
*
* \return 0 is these uses of the certificate are allowed,
* POLARSSL_ERR_X509_BAD_INPUT_DATA if the keyUsage extension
* is present but does not contain all the bits set in the
* usage argument.
*
* \note You should only call this function on leaf certificates, on
* (intermediate) CAs the keyUsage extension is automatically
* checked by \c x509_crt_verify().
*/
int x509_crt_check_key_usage( const x509_crt *crt, int usage );
#endif /* POLARSSL_X509_CHECK_KEY_USAGE) */
#if defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
/**
* \brief Check usage of certificate against extentedJeyUsage.
*
* \param crt Leaf certificate used.
* \param usage_oid Intended usage (eg OID_SERVER_AUTH or OID_CLIENT_AUTH).
* \param usage_len Length of usage_oid (eg given by OID_SIZE()).
*
* \return 0 is this use of the certificate is allowed,
* POLARSSL_ERR_X509_BAD_INPUT_DATA if not.
*
* \note Usually only makes sense on leaf certificates.
*/
int x509_crt_check_extended_key_usage( const x509_crt *crt,
const char *usage_oid,
size_t usage_len );
#endif /* POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE) */
#if defined(POLARSSL_X509_CRL_PARSE_C)
/**
* \brief Verify the certificate revocation status
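Review bot: `x509_crt_check_key_usage()` returns 0 both when every requested bit is set and when the certificate carries no keyUsage extension at all (the only documented error case is `present but does not contain all the bits`), so a 0 result is not a positive assertion of the intended usage; the doc comment should say so, e.g. `\note A certificate without a keyUsage extension passes this check.` The two doc blocks also carry typos worth fixing before the API text is copied elsewhere: `0 is these uses` → `0 if these uses`, `0 is this use` → `0 if this use`, and `extentedJeyUsage` → `extendedKeyUsage`. Whether `x509_crt_check_extended_key_usage()` treats a missing extension the same way is not stated and is worth documenting too.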


@ -3,7 +3,7 @@
*
* \brief X.509 certificate signing request parsing and writing
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
#ifndef POLARSSL_X509_CSR_H
#define POLARSSL_X509_CSR_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include "x509.h"
@ -52,7 +56,7 @@ typedef struct _x509_csr
x509_buf raw; /**< The raw CSR data (DER). */
x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
int version;
int version; /**< CSR version (1=v1). */
x509_buf subject_raw; /**< The raw subject data (DER). */
x509_name subject; /**< The parsed subject data (named information object). */
@ -62,7 +66,8 @@ typedef struct _x509_csr
x509_buf sig_oid;
x509_buf sig;
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
void *sig_opts; /**< Signature options to be passed to pk_verify_ext(), e.g. for RSASSA-PSS */
}
x509_csr;
@ -80,7 +85,19 @@ x509write_csr;
#if defined(POLARSSL_X509_CSR_PARSE_C)
/**
* \brief Load a Certificate Signing Request (CSR)
* \brief Load a Certificate Signing Request (CSR) in DER format
*
* \param csr CSR context to fill
* \param buf buffer holding the CRL data
* \param buflen size of the buffer
*
* \return 0 if successful, or a specific X509 error code
*/
int x509_csr_parse_der( x509_csr *csr,
const unsigned char *buf, size_t buflen );
/**
* \brief Load a Certificate Signing Request (CSR), DER or PEM format
*
* \param csr CSR context to fill
* \param buf buffer holding the CRL data
@ -111,8 +128,8 @@ int x509_csr_parse_file( x509_csr *csr, const char *path );
* \param prefix A line prefix
* \param csr The X509 CSR to represent
*
* \return The amount of data written to the buffer, or -1 in
* case of an error.
* \return The length of the string written (exluding the terminating
* null byte), or a negative value in case of an error.
*/
int x509_csr_info( char *buf, size_t size, const char *prefix,
const x509_csr *csr );
@ -200,7 +217,8 @@ int x509write_csr_set_ns_cert_type( x509write_csr *ctx,
unsigned char ns_cert_type );
/**
* \brief Generic function to add to or replace an extension in the CSR
* \brief Generic function to add to or replace an extension in the
* CSR
*
* \param ctx CSR context to use
* \param oid OID of the extension
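Review bot: The new `x509_csr_parse_der()` doc block says `\param buf buffer holding the CRL data`, copied from the CRL header; it should read `buffer holding the CSR data` (the existing PEM/DER variant just below has the same slip). It would also help callers to state whether the DER variant rejects PEM input rather than detecting it, e.g. `\note Unlike x509_csr_parse(), this function accepts DER only.`, if that is how the implementation behaves; the bodies are not in this hunk.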


@ -27,7 +27,11 @@
#ifndef POLARSSL_XTEA_H
#define POLARSSL_XTEA_H
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#include <string.h>
@ -60,6 +64,20 @@ typedef struct
}
xtea_context;
/**
* \brief Initialize XTEA context
*
* \param ctx XTEA context to be initialized
*/
void xtea_init( xtea_context *ctx );
/**
* \brief Clear XTEA context
*
* \param ctx XTEA context to be cleared
*/
void xtea_free( xtea_context *ctx );
/**
* \brief XTEA key schedule
*


@ -1,3 +1,7 @@
option(USE_STATIC_POLARSSL_LIBRARY "Build PolarSSL static library." ON)
option(USE_SHARED_POLARSSL_LIBRARY "Build PolarSSL shared library." OFF)
option(LINK_WITH_PTHREAD "Explicitly link PolarSSL library to pthread." OFF)
set(src
aes.c
aesni.c
@ -8,6 +12,7 @@ set(src
bignum.c
blowfish.c
camellia.c
ccm.c
certs.c
cipher.c
cipher_wrap.c
@ -24,12 +29,12 @@ set(src
error.c
gcm.c
havege.c
hmac_drbg.c
md.c
md_wrap.c
md2.c
md4.c
md5.c
memory.c
memory_buffer_alloc.c
net.c
oid.c
@ -43,6 +48,7 @@ set(src
pk_wrap.c
pkparse.c
pkwrite.c
platform.c
ripemd160.c
rsa.c
sha1.c
@ -56,6 +62,7 @@ set(src
threading.c
timing.c
version.c
version_features.c
x509.c
x509_crt.c
x509_crl.c
@ -75,14 +82,55 @@ if(CMAKE_COMPILER_IS_GNUCC)
set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
endif(CMAKE_COMPILER_IS_GNUCC)
add_library(polarssl STATIC ${src})
if(CMAKE_COMPILER_IS_CLANG)
set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS_CHECK} -Wmissing-declarations -Wmissing-prototypes")
endif(CMAKE_COMPILER_IS_CLANG)
target_link_libraries(polarssl ${libs})
if (NOT USE_STATIC_POLARSSL_LIBRARY AND NOT USE_SHARED_POLARSSL_LIBRARY)
message(FATAL_ERROR "Need to choose static or shared polarssl build!")
endif(NOT USE_STATIC_POLARSSL_LIBRARY AND NOT USE_SHARED_POLARSSL_LIBRARY)
if(ZLIB_FOUND)
target_link_libraries(polarssl ${ZLIB_LIBRARIES})
endif(ZLIB_FOUND)
if(USE_STATIC_POLARSSL_LIBRARY AND USE_SHARED_POLARSSL_LIBRARY)
# if we build both static an shared, then let
# tests and programs link to the shared lib target
set(polarssl_static_target "polarssl_static")
elseif(USE_STATIC_POLARSSL_LIBRARY)
set(polarssl_static_target "polarssl")
endif()
install(TARGETS polarssl
if(USE_STATIC_POLARSSL_LIBRARY)
add_library(${polarssl_static_target} STATIC ${src})
set_target_properties(${polarssl_static_target} PROPERTIES OUTPUT_NAME polarssl)
target_link_libraries(${polarssl_static_target} ${libs})
if(ZLIB_FOUND)
target_link_libraries(${polarssl_static_target} ${ZLIB_LIBRARIES})
endif(ZLIB_FOUND)
if(LINK_WITH_PTHREAD)
target_link_libraries(${polarssl_static_target} pthread)
endif()
install(TARGETS ${polarssl_static_target}
DESTINATION ${LIB_INSTALL_DIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
endif()
if(USE_SHARED_POLARSSL_LIBRARY)
add_library(polarssl SHARED ${src})
set_target_properties(polarssl PROPERTIES VERSION 1.3.8 SOVERSION 7)
target_link_libraries(polarssl ${libs})
if(ZLIB_FOUND)
target_link_libraries(polarssl ${ZLIB_LIBRARIES})
endif(ZLIB_FOUND)
if(LINK_WITH_PTHREAD)
target_link_libraries(polarssl pthread)
endif()
install(TARGETS polarssl
DESTINATION ${LIB_INSTALL_DIR}
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
endif(USE_SHARED_POLARSSL_LIBRARY)
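Review bot: The shared-library `VERSION 1.3.8 SOVERSION 7` is hard-coded separately from `POLARSSL_VERSION_STRING` in include/polarssl/version.h, so the next bump can leave the two disagreeing; add `# keep in sync with POLARSSL_VERSION_* in include/polarssl/version.h` above the `set_target_properties` line, or derive the value from that header. Since `USE_STATIC_POLARSSL_LIBRARY` defaults ON and `USE_SHARED_POLARSSL_LIBRARY` OFF, a one-line comment stating which variant the embedding project links would keep a later option flip from silently changing what gets installed.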


@ -1,7 +1,7 @@
/*
* FIPS-197 compliant AES implementation
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -29,7 +29,11 @@
* http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_AES_C)
@ -41,8 +45,19 @@
#include "polarssl/aesni.h"
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#endif
#if !defined(POLARSSL_AES_ALT)
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/*
* 32-bit integer manipulation macros (little endian)
*/
@ -336,7 +351,7 @@ static const uint32_t RCON[10] =
0x0000001B, 0x00000036
};
#else
#else /* POLARSSL_AES_ROM_TABLES */
/*
* Forward S-box & tables
@ -405,10 +420,10 @@ static void aes_gen_tables( void )
{
x = pow[255 - log[i]];
y = x; y = ( (y << 1) | (y >> 7) ) & 0xFF;
x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF;
x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF;
x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF;
y = x; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF;
x ^= y ^ 0x63;
FSb[i] = (unsigned char) x;
@ -446,12 +461,26 @@ static void aes_gen_tables( void )
}
}
#endif
#endif /* POLARSSL_AES_ROM_TABLES */
void aes_init( aes_context *ctx )
{
memset( ctx, 0, sizeof( aes_context ) );
}
void aes_free( aes_context *ctx )
{
if( ctx == NULL )
return;
polarssl_zeroize( ctx, sizeof( aes_context ) );
}
/*
* AES key schedule (encryption)
*/
int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int keysize )
int aes_setkey_enc( aes_context *ctx, const unsigned char *key,
unsigned int keysize )
{
unsigned int i;
uint32_t *RK;
@ -488,7 +517,7 @@ int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int key
return( aesni_setkey_enc( (unsigned char *) ctx->rk, key, keysize ) );
#endif
for( i = 0; i < (keysize >> 5); i++ )
for( i = 0; i < ( keysize >> 5 ); i++ )
{
GET_UINT32_LE( RK[i], key, i << 2 );
}
@ -554,10 +583,6 @@ int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int key
RK[15] = RK[7] ^ RK[14];
}
break;
default:
break;
}
return( 0 );
@ -566,21 +591,15 @@ int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int key
/*
* AES key schedule (decryption)
*/
int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int keysize )
int aes_setkey_dec( aes_context *ctx, const unsigned char *key,
unsigned int keysize )
{
int i, j;
int i, j, ret;
aes_context cty;
uint32_t *RK;
uint32_t *SK;
int ret;
switch( keysize )
{
case 128: ctx->nr = 10; break;
case 192: ctx->nr = 12; break;
case 256: ctx->nr = 14; break;
default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH );
}
aes_init( &cty );
#if defined(POLARSSL_PADLOCK_C) && defined(PADLOCK_ALIGN16)
if( aes_padlock_ace == -1 )
@ -592,16 +611,18 @@ int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int key
#endif
ctx->rk = RK = ctx->buf;
ret = aes_setkey_enc( &cty, key, keysize );
if( ret != 0 )
return( ret );
/* Also checks keysize */
if( ( ret = aes_setkey_enc( &cty, key, keysize ) ) != 0 )
goto exit;
ctx->nr = cty.nr;
#if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64)
if( aesni_supports( POLARSSL_AESNI_AES ) )
{
aesni_inverse_key( (unsigned char *) ctx->rk,
(const unsigned char *) cty.rk, ctx->nr );
goto done;
goto exit;
}
#endif
@ -628,12 +649,10 @@ int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int key
*RK++ = *SK++;
*RK++ = *SK++;
#if defined(POLARSSL_AESNI_C) && defined(POLARSSL_HAVE_X86_64)
done:
#endif
memset( &cty, 0, sizeof( aes_context ) );
exit:
aes_free( &cty );
return( 0 );
return( ret );
}
#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
@ -719,7 +738,7 @@ int aes_crypt_ecb( aes_context *ctx,
if( mode == AES_DECRYPT )
{
for( i = (ctx->nr >> 1) - 1; i > 0; i-- )
for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
{
AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
@ -753,7 +772,7 @@ int aes_crypt_ecb( aes_context *ctx,
}
else /* AES_ENCRYPT */
{
for( i = (ctx->nr >> 1) - 1; i > 0; i-- )
for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
{
AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
@ -886,7 +905,7 @@ int aes_crypt_cfb128( aes_context *ctx,
*output++ = (unsigned char)( c ^ iv[n] );
iv[n] = (unsigned char) c;
n = (n + 1) & 0x0F;
n = ( n + 1 ) & 0x0F;
}
}
else
@ -898,7 +917,7 @@ int aes_crypt_cfb128( aes_context *ctx,
iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
n = (n + 1) & 0x0F;
n = ( n + 1 ) & 0x0F;
}
}
@ -923,7 +942,7 @@ int aes_crypt_cfb8( aes_context *ctx,
while( length-- )
{
memcpy(ov, iv, 16);
memcpy( ov, iv, 16 );
aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );
if( mode == AES_DECRYPT )
@ -934,7 +953,7 @@ int aes_crypt_cfb8( aes_context *ctx,
if( mode == AES_ENCRYPT )
ov[16] = c;
memcpy(iv, ov + 1, 16);
memcpy( iv, ov + 1, 16 );
}
return( 0 );
@ -968,7 +987,7 @@ int aes_crypt_ctr( aes_context *ctx,
c = *input++;
*output++ = (unsigned char)( c ^ stream_block[n] );
n = (n + 1) & 0x0F;
n = ( n + 1 ) & 0x0F;
}
*nc_off = n;
@ -976,6 +995,7 @@ int aes_crypt_ctr( aes_context *ctx,
return( 0 );
}
#endif /* POLARSSL_CIPHER_MODE_CTR */
#endif /* !POLARSSL_AES_ALT */
#if defined(POLARSSL_SELF_TEST)
@ -1163,7 +1183,7 @@ static const int aes_test_ctr_len[3] =
*/
int aes_self_test( int verbose )
{
int i, j, u, v;
int ret = 0, i, j, u, v;
unsigned char key[32];
unsigned char buf[64];
unsigned char iv[16];
@ -1181,6 +1201,7 @@ int aes_self_test( int verbose )
aes_context ctx;
memset( key, 0, 32 );
aes_init( &ctx );
/*
* ECB mode
@ -1191,7 +1212,7 @@ int aes_self_test( int verbose )
v = i & 1;
if( verbose != 0 )
printf( " AES-ECB-%3d (%s): ", 128 + u * 64,
polarssl_printf( " AES-ECB-%3d (%s): ", 128 + u * 64,
( v == AES_DECRYPT ) ? "dec" : "enc" );
memset( buf, 0, 16 );
@ -1206,9 +1227,10 @@ int aes_self_test( int verbose )
if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
ret = 1;
goto exit;
}
}
else
@ -1221,18 +1243,19 @@ int aes_self_test( int verbose )
if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
ret = 1;
goto exit;
}
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
}
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
#if defined(POLARSSL_CIPHER_MODE_CBC)
/*
@ -1244,7 +1267,7 @@ int aes_self_test( int verbose )
v = i & 1;
if( verbose != 0 )
printf( " AES-CBC-%3d (%s): ", 128 + u * 64,
polarssl_printf( " AES-CBC-%3d (%s): ", 128 + u * 64,
( v == AES_DECRYPT ) ? "dec" : "enc" );
memset( iv , 0, 16 );
@ -1261,9 +1284,10 @@ int aes_self_test( int verbose )
if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
ret = 1;
goto exit;
}
}
else
@ -1284,18 +1308,19 @@ int aes_self_test( int verbose )
if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
ret = 1;
goto exit;
}
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
}
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
#endif /* POLARSSL_CIPHER_MODE_CBC */
#if defined(POLARSSL_CIPHER_MODE_CFB)
@ -1308,7 +1333,7 @@ int aes_self_test( int verbose )
v = i & 1;
if( verbose != 0 )
printf( " AES-CFB128-%3d (%s): ", 128 + u * 64,
polarssl_printf( " AES-CFB128-%3d (%s): ", 128 + u * 64,
( v == AES_DECRYPT ) ? "dec" : "enc" );
memcpy( iv, aes_test_cfb128_iv, 16 );
@ -1325,9 +1350,10 @@ int aes_self_test( int verbose )
if( memcmp( buf, aes_test_cfb128_pt, 64 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
ret = 1;
goto exit;
}
}
else
@ -1338,18 +1364,19 @@ int aes_self_test( int verbose )
if( memcmp( buf, aes_test_cfb128_ct[u], 64 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
ret = 1;
goto exit;
}
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
}
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
#endif /* POLARSSL_CIPHER_MODE_CFB */
#if defined(POLARSSL_CIPHER_MODE_CTR)
@ -1362,7 +1389,7 @@ int aes_self_test( int verbose )
v = i & 1;
if( verbose != 0 )
printf( " AES-CTR-128 (%s): ",
polarssl_printf( " AES-CTR-128 (%s): ",
( v == AES_DECRYPT ) ? "dec" : "enc" );
memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
@ -1376,14 +1403,16 @@ int aes_self_test( int verbose )
len = aes_test_ctr_len[u];
memcpy( buf, aes_test_ctr_ct[u], len );
aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, buf, buf );
aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
buf, buf );
if( memcmp( buf, aes_test_ctr_pt[u], len ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
ret = 1;
goto exit;
}
}
else
@ -1391,28 +1420,35 @@ int aes_self_test( int verbose )
len = aes_test_ctr_len[u];
memcpy( buf, aes_test_ctr_pt[u], len );
aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, buf, buf );
aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
buf, buf );
if( memcmp( buf, aes_test_ctr_ct[u], len ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
ret = 1;
goto exit;
}
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
}
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
#endif /* POLARSSL_CIPHER_MODE_CTR */
return( 0 );
ret = 0;
exit:
aes_free( &ctx );
return( ret );
}
#endif
#endif /* POLARSSL_SELF_TEST */
#endif
#endif /* POLARSSL_AES_C */
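Review bot: `polarssl_zeroize()` and the `aes_free()` that uses it are defined inside `#if !defined(POLARSSL_AES_ALT)`, so a port that supplies its own AES implementation must also remember to scrub key material in its `aes_free()`; a comment on the zeroize helper stating that contract, and that a volatile byte loop does not cover register or stack copies of round keys, would save the next porter a look. Also, `aes_setkey_dec()` now leaves `ctx->rk` pointing into `ctx->buf` with `ctx->nr` untouched when `aes_setkey_enc()` fails; harmless if callers check the return, but `/* ctx is left unusable on error */` on the `goto exit` would make that explicit.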


@ -1,7 +1,7 @@
/*
* AES-NI support functions
*
* Copyright (C) 2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -28,7 +28,11 @@
* [CLMUL-WP] http://software.intel.com/en-us/articles/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode/
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_AESNI_C)
@ -47,8 +51,8 @@ int aesni_supports( unsigned int what )
if( ! done )
{
asm( "movl $1, %%eax \n"
"cpuid \n"
asm( "movl $1, %%eax \n\t"
"cpuid \n\t"
: "=c" (c)
:
: "eax", "ebx", "edx" );
@ -58,6 +62,32 @@ int aesni_supports( unsigned int what )
return( ( c & what ) != 0 );
}
/*
* Binutils needs to be at least 2.19 to support AES-NI instructions.
* Unfortunately, a lot of users have a lower version now (2014-04).
* Emit bytecode directly in order to support "old" version of gas.
*
* Opcodes from the Intel architecture reference manual, vol. 3.
* We always use registers, so we don't need prefixes for memory operands.
* Operand macros are in gas order (src, dst) as opposed to Intel order
* (dst, src) in order to blend better into the surrounding assembly code.
*/
#define AESDEC ".byte 0x66,0x0F,0x38,0xDE,"
#define AESDECLAST ".byte 0x66,0x0F,0x38,0xDF,"
#define AESENC ".byte 0x66,0x0F,0x38,0xDC,"
#define AESENCLAST ".byte 0x66,0x0F,0x38,0xDD,"
#define AESIMC ".byte 0x66,0x0F,0x38,0xDB,"
#define AESKEYGENA ".byte 0x66,0x0F,0x3A,0xDF,"
#define PCLMULQDQ ".byte 0x66,0x0F,0x3A,0x44,"
#define xmm0_xmm0 "0xC0"
#define xmm0_xmm1 "0xC8"
#define xmm0_xmm2 "0xD0"
#define xmm0_xmm3 "0xD8"
#define xmm0_xmm4 "0xE0"
#define xmm1_xmm0 "0xC1"
#define xmm1_xmm2 "0xD1"
/*
* AES-NI AES-ECB block en(de)cryption
*/
@ -66,35 +96,35 @@ int aesni_crypt_ecb( aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] )
{
asm( "movdqu (%3), %%xmm0 \n" // load input
"movdqu (%1), %%xmm1 \n" // load round key 0
"pxor %%xmm1, %%xmm0 \n" // round 0
"addq $16, %1 \n" // point to next round key
"subl $1, %0 \n" // normal rounds = nr - 1
"test %2, %2 \n" // mode?
"jz 2f \n" // 0 = decrypt
asm( "movdqu (%3), %%xmm0 \n\t" // load input
"movdqu (%1), %%xmm1 \n\t" // load round key 0
"pxor %%xmm1, %%xmm0 \n\t" // round 0
"addq $16, %1 \n\t" // point to next round key
"subl $1, %0 \n\t" // normal rounds = nr - 1
"test %2, %2 \n\t" // mode?
"jz 2f \n\t" // 0 = decrypt
"1: \n" // encryption loop
"movdqu (%1), %%xmm1 \n" // load round key
"aesenc %%xmm1, %%xmm0 \n" // do round
"addq $16, %1 \n" // point to next round key
"subl $1, %0 \n" // loop
"jnz 1b \n"
"movdqu (%1), %%xmm1 \n" // load round key
"aesenclast %%xmm1, %%xmm0 \n" // last round
"jmp 3f \n"
"1: \n\t" // encryption loop
"movdqu (%1), %%xmm1 \n\t" // load round key
AESENC xmm1_xmm0 "\n\t" // do round
"addq $16, %1 \n\t" // point to next round key
"subl $1, %0 \n\t" // loop
"jnz 1b \n\t"
"movdqu (%1), %%xmm1 \n\t" // load round key
AESENCLAST xmm1_xmm0 "\n\t" // last round
"jmp 3f \n\t"
"2: \n" // decryption loop
"movdqu (%1), %%xmm1 \n"
"aesdec %%xmm1, %%xmm0 \n"
"addq $16, %1 \n"
"subl $1, %0 \n"
"jnz 2b \n"
"movdqu (%1), %%xmm1 \n" // load round key
"aesdeclast %%xmm1, %%xmm0 \n" // last round
"2: \n\t" // decryption loop
"movdqu (%1), %%xmm1 \n\t"
AESDEC xmm1_xmm0 "\n\t" // do round
"addq $16, %1 \n\t"
"subl $1, %0 \n\t"
"jnz 2b \n\t"
"movdqu (%1), %%xmm1 \n\t" // load round key
AESDECLAST xmm1_xmm0 "\n\t" // last round
"3: \n"
"movdqu %%xmm0, (%4) \n" // export output
"3: \n\t"
"movdqu %%xmm0, (%4) \n\t" // export output
:
: "r" (ctx->nr), "r" (ctx->rk), "r" (mode), "r" (input), "r" (output)
: "memory", "cc", "xmm0", "xmm1" );
@ -121,44 +151,44 @@ void aesni_gcm_mult( unsigned char c[16],
bb[i] = b[15 - i];
}
asm( "movdqu (%0), %%xmm0 \n" // a1:a0
"movdqu (%1), %%xmm1 \n" // b1:b0
asm( "movdqu (%0), %%xmm0 \n\t" // a1:a0
"movdqu (%1), %%xmm1 \n\t" // b1:b0
/*
* Caryless multiplication xmm2:xmm1 = xmm0 * xmm1
* using [CLMUL-WP] algorithm 1 (p. 13).
*/
"movdqa %%xmm1, %%xmm2 \n" // copy of b1:b0
"movdqa %%xmm1, %%xmm3 \n" // same
"movdqa %%xmm1, %%xmm4 \n" // same
"pclmulqdq $0x00, %%xmm0, %%xmm1 \n" // a0*b0 = c1:c0
"pclmulqdq $0x11, %%xmm0, %%xmm2 \n" // a1*b1 = d1:d0
"pclmulqdq $0x10, %%xmm0, %%xmm3 \n" // a0*b1 = e1:e0
"pclmulqdq $0x01, %%xmm0, %%xmm4 \n" // a1*b0 = f1:f0
"pxor %%xmm3, %%xmm4 \n" // e1+f1:e0+f0
"movdqa %%xmm4, %%xmm3 \n" // same
"psrldq $8, %%xmm4 \n" // 0:e1+f1
"pslldq $8, %%xmm3 \n" // e0+f0:0
"pxor %%xmm4, %%xmm2 \n" // d1:d0+e1+f1
"pxor %%xmm3, %%xmm1 \n" // c1+e0+f1:c0
"movdqa %%xmm1, %%xmm2 \n\t" // copy of b1:b0
"movdqa %%xmm1, %%xmm3 \n\t" // same
"movdqa %%xmm1, %%xmm4 \n\t" // same
PCLMULQDQ xmm0_xmm1 ",0x00 \n\t" // a0*b0 = c1:c0
PCLMULQDQ xmm0_xmm2 ",0x11 \n\t" // a1*b1 = d1:d0
PCLMULQDQ xmm0_xmm3 ",0x10 \n\t" // a0*b1 = e1:e0
PCLMULQDQ xmm0_xmm4 ",0x01 \n\t" // a1*b0 = f1:f0
"pxor %%xmm3, %%xmm4 \n\t" // e1+f1:e0+f0
"movdqa %%xmm4, %%xmm3 \n\t" // same
"psrldq $8, %%xmm4 \n\t" // 0:e1+f1
"pslldq $8, %%xmm3 \n\t" // e0+f0:0
"pxor %%xmm4, %%xmm2 \n\t" // d1:d0+e1+f1
"pxor %%xmm3, %%xmm1 \n\t" // c1+e0+f1:c0
/*
* Now shift the result one bit to the left,
* taking advantage of [CLMUL-WP] eq 27 (p. 20)
*/
"movdqa %%xmm1, %%xmm3 \n" // r1:r0
"movdqa %%xmm2, %%xmm4 \n" // r3:r2
"psllq $1, %%xmm1 \n" // r1<<1:r0<<1
"psllq $1, %%xmm2 \n" // r3<<1:r2<<1
"psrlq $63, %%xmm3 \n" // r1>>63:r0>>63
"psrlq $63, %%xmm4 \n" // r3>>63:r2>>63
"movdqa %%xmm3, %%xmm5 \n" // r1>>63:r0>>63
"pslldq $8, %%xmm3 \n" // r0>>63:0
"pslldq $8, %%xmm4 \n" // r2>>63:0
"psrldq $8, %%xmm5 \n" // 0:r1>>63
"por %%xmm3, %%xmm1 \n" // r1<<1|r0>>63:r0<<1
"por %%xmm4, %%xmm2 \n" // r3<<1|r2>>62:r2<<1
"por %%xmm5, %%xmm2 \n" // r3<<1|r2>>62:r2<<1|r1>>63
"movdqa %%xmm1, %%xmm3 \n\t" // r1:r0
"movdqa %%xmm2, %%xmm4 \n\t" // r3:r2
"psllq $1, %%xmm1 \n\t" // r1<<1:r0<<1
"psllq $1, %%xmm2 \n\t" // r3<<1:r2<<1
"psrlq $63, %%xmm3 \n\t" // r1>>63:r0>>63
"psrlq $63, %%xmm4 \n\t" // r3>>63:r2>>63
"movdqa %%xmm3, %%xmm5 \n\t" // r1>>63:r0>>63
"pslldq $8, %%xmm3 \n\t" // r0>>63:0
"pslldq $8, %%xmm4 \n\t" // r2>>63:0
"psrldq $8, %%xmm5 \n\t" // 0:r1>>63
"por %%xmm3, %%xmm1 \n\t" // r1<<1|r0>>63:r0<<1
"por %%xmm4, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1
"por %%xmm5, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1|r1>>63
/*
* Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1
@ -166,44 +196,44 @@ void aesni_gcm_mult( unsigned char c[16],
* Currently xmm2:xmm1 holds x3:x2:x1:x0 (already shifted).
*/
/* Step 2 (1) */
"movdqa %%xmm1, %%xmm3 \n" // x1:x0
"movdqa %%xmm1, %%xmm4 \n" // same
"movdqa %%xmm1, %%xmm5 \n" // same
"psllq $63, %%xmm3 \n" // x1<<63:x0<<63 = stuff:a
"psllq $62, %%xmm4 \n" // x1<<62:x0<<62 = stuff:b
"psllq $57, %%xmm5 \n" // x1<<57:x0<<57 = stuff:c
"movdqa %%xmm1, %%xmm3 \n\t" // x1:x0
"movdqa %%xmm1, %%xmm4 \n\t" // same
"movdqa %%xmm1, %%xmm5 \n\t" // same
"psllq $63, %%xmm3 \n\t" // x1<<63:x0<<63 = stuff:a
"psllq $62, %%xmm4 \n\t" // x1<<62:x0<<62 = stuff:b
"psllq $57, %%xmm5 \n\t" // x1<<57:x0<<57 = stuff:c
/* Step 2 (2) */
"pxor %%xmm4, %%xmm3 \n" // stuff:a+b
"pxor %%xmm5, %%xmm3 \n" // stuff:a+b+c
"pslldq $8, %%xmm3 \n" // a+b+c:0
"pxor %%xmm3, %%xmm1 \n" // x1+a+b+c:x0 = d:x0
"pxor %%xmm4, %%xmm3 \n\t" // stuff:a+b
"pxor %%xmm5, %%xmm3 \n\t" // stuff:a+b+c
"pslldq $8, %%xmm3 \n\t" // a+b+c:0
"pxor %%xmm3, %%xmm1 \n\t" // x1+a+b+c:x0 = d:x0
/* Steps 3 and 4 */
"movdqa %%xmm1,%%xmm0 \n" // d:x0
"movdqa %%xmm1,%%xmm4 \n" // same
"movdqa %%xmm1,%%xmm5 \n" // same
"psrlq $1, %%xmm0 \n" // e1:x0>>1 = e1:e0'
"psrlq $2, %%xmm4 \n" // f1:x0>>2 = f1:f0'
"psrlq $7, %%xmm5 \n" // g1:x0>>7 = g1:g0'
"pxor %%xmm4, %%xmm0 \n" // e1+f1:e0'+f0'
"pxor %%xmm5, %%xmm0 \n" // e1+f1+g1:e0'+f0'+g0'
// e0'+f0'+g0' is almost e0+f0+g0, except for some missing
// bits carried from d. Now get those bits back in.
"movdqa %%xmm1,%%xmm3 \n" // d:x0
"movdqa %%xmm1,%%xmm4 \n" // same
"movdqa %%xmm1,%%xmm5 \n" // same
"psllq $63, %%xmm3 \n" // d<<63:stuff
"psllq $62, %%xmm4 \n" // d<<62:stuff
"psllq $57, %%xmm5 \n" // d<<57:stuff
"pxor %%xmm4, %%xmm3 \n" // d<<63+d<<62:stuff
"pxor %%xmm5, %%xmm3 \n" // missing bits of d:stuff
"psrldq $8, %%xmm3 \n" // 0:missing bits of d
"pxor %%xmm3, %%xmm0 \n" // e1+f1+g1:e0+f0+g0
"pxor %%xmm1, %%xmm0 \n" // h1:h0
"pxor %%xmm2, %%xmm0 \n" // x3+h1:x2+h0
"movdqa %%xmm1,%%xmm0 \n\t" // d:x0
"movdqa %%xmm1,%%xmm4 \n\t" // same
"movdqa %%xmm1,%%xmm5 \n\t" // same
"psrlq $1, %%xmm0 \n\t" // e1:x0>>1 = e1:e0'
"psrlq $2, %%xmm4 \n\t" // f1:x0>>2 = f1:f0'
"psrlq $7, %%xmm5 \n\t" // g1:x0>>7 = g1:g0'
"pxor %%xmm4, %%xmm0 \n\t" // e1+f1:e0'+f0'
"pxor %%xmm5, %%xmm0 \n\t" // e1+f1+g1:e0'+f0'+g0'
// e0'+f0'+g0' is almost e0+f0+g0, ex\tcept for some missing
// bits carried from d. Now get those\t bits back in.
"movdqa %%xmm1,%%xmm3 \n\t" // d:x0
"movdqa %%xmm1,%%xmm4 \n\t" // same
"movdqa %%xmm1,%%xmm5 \n\t" // same
"psllq $63, %%xmm3 \n\t" // d<<63:stuff
"psllq $62, %%xmm4 \n\t" // d<<62:stuff
"psllq $57, %%xmm5 \n\t" // d<<57:stuff
"pxor %%xmm4, %%xmm3 \n\t" // d<<63+d<<62:stuff
"pxor %%xmm5, %%xmm3 \n\t" // missing bits of d:stuff
"psrldq $8, %%xmm3 \n\t" // 0:missing bits of d
"pxor %%xmm3, %%xmm0 \n\t" // e1+f1+g1:e0+f0+g0
"pxor %%xmm1, %%xmm0 \n\t" // h1:h0
"pxor %%xmm2, %%xmm0 \n\t" // x3+h1:x2+h0
"movdqu %%xmm0, (%2) \n" // done
"movdqu %%xmm0, (%2) \n\t" // done
:
: "r" (aa), "r" (bb), "r" (cc)
: "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5" );
@ -227,9 +257,9 @@ void aesni_inverse_key( unsigned char *invkey,
memcpy( ik, fk, 16 );
for( fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16 )
asm( "movdqu (%0), %%xmm0 \n"
"aesimc %%xmm0, %%xmm0 \n"
"movdqu %%xmm0, (%1) \n"
asm( "movdqu (%0), %%xmm0 \n\t"
AESIMC xmm0_xmm0 "\n\t"
"movdqu %%xmm0, (%1) \n\t"
:
: "r" (fk), "r" (ik)
: "memory", "xmm0" );
@ -243,9 +273,9 @@ void aesni_inverse_key( unsigned char *invkey,
static void aesni_setkey_enc_128( unsigned char *rk,
const unsigned char *key )
{
asm( "movdqu (%1), %%xmm0 \n" // copy the original key
"movdqu %%xmm0, (%0) \n" // as round key 0
"jmp 2f \n" // skip auxiliary routine
asm( "movdqu (%1), %%xmm0 \n\t" // copy the original key
"movdqu %%xmm0, (%0) \n\t" // as round key 0
"jmp 2f \n\t" // skip auxiliary routine
/*
* Finish generating the next round key.
@ -257,31 +287,31 @@ static void aesni_setkey_enc_128( unsigned char *rk,
* with r4 = X + r0, r5 = r4 + r1, r6 = r5 + r2, r7 = r6 + r3
* and those are written to the round key buffer.
*/
"1: \n"
"pshufd $0xff, %%xmm1, %%xmm1 \n" // X:X:X:X
"pxor %%xmm0, %%xmm1 \n" // X+r3:X+r2:X+r1:r4
"pslldq $4, %%xmm0 \n" // r2:r1:r0:0
"pxor %%xmm0, %%xmm1 \n" // X+r3+r2:X+r2+r1:r5:r4
"pslldq $4, %%xmm0 \n" // etc
"pxor %%xmm0, %%xmm1 \n"
"pslldq $4, %%xmm0 \n"
"pxor %%xmm1, %%xmm0 \n" // update xmm0 for next time!
"add $16, %0 \n" // point to next round key
"movdqu %%xmm0, (%0) \n" // write it
"ret \n"
"1: \n\t"
"pshufd $0xff, %%xmm1, %%xmm1 \n\t" // X:X:X:X
"pxor %%xmm0, %%xmm1 \n\t" // X+r3:X+r2:X+r1:r4
"pslldq $4, %%xmm0 \n\t" // r2:r1:r0:0
"pxor %%xmm0, %%xmm1 \n\t" // X+r3+r2:X+r2+r1:r5:r4
"pslldq $4, %%xmm0 \n\t" // etc
"pxor %%xmm0, %%xmm1 \n\t"
"pslldq $4, %%xmm0 \n\t"
"pxor %%xmm1, %%xmm0 \n\t" // update xmm0 for next time!
"add $16, %0 \n\t" // point to next round key
"movdqu %%xmm0, (%0) \n\t" // write it
"ret \n\t"
/* Main "loop" */
"2: \n"
"aeskeygenassist $0x01, %%xmm0, %%xmm1 \ncall 1b \n"
"aeskeygenassist $0x02, %%xmm0, %%xmm1 \ncall 1b \n"
"aeskeygenassist $0x04, %%xmm0, %%xmm1 \ncall 1b \n"
"aeskeygenassist $0x08, %%xmm0, %%xmm1 \ncall 1b \n"
"aeskeygenassist $0x10, %%xmm0, %%xmm1 \ncall 1b \n"
"aeskeygenassist $0x20, %%xmm0, %%xmm1 \ncall 1b \n"
"aeskeygenassist $0x40, %%xmm0, %%xmm1 \ncall 1b \n"
"aeskeygenassist $0x80, %%xmm0, %%xmm1 \ncall 1b \n"
"aeskeygenassist $0x1B, %%xmm0, %%xmm1 \ncall 1b \n"
"aeskeygenassist $0x36, %%xmm0, %%xmm1 \ncall 1b \n"
"2: \n\t"
AESKEYGENA xmm0_xmm1 ",0x01 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x02 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x04 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x08 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x10 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x20 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x40 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x80 \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x1B \n\tcall 1b \n\t"
AESKEYGENA xmm0_xmm1 ",0x36 \n\tcall 1b \n\t"
:
: "r" (rk), "r" (key)
: "memory", "cc", "0" );
@ -293,13 +323,13 @@ static void aesni_setkey_enc_128( unsigned char *rk,
static void aesni_setkey_enc_192( unsigned char *rk,
const unsigned char *key )
{
asm( "movdqu (%1), %%xmm0 \n" // copy original round key
"movdqu %%xmm0, (%0) \n"
"add $16, %0 \n"
"movq 16(%1), %%xmm1 \n"
"movq %%xmm1, (%0) \n"
"add $8, %0 \n"
"jmp 2f \n" // skip auxiliary routine
asm( "movdqu (%1), %%xmm0 \n\t" // copy original round key
"movdqu %%xmm0, (%0) \n\t"
"add $16, %0 \n\t"
"movq 16(%1), %%xmm1 \n\t"
"movq %%xmm1, (%0) \n\t"
"add $8, %0 \n\t"
"jmp 2f \n\t" // skip auxiliary routine
/*
* Finish generating the next 6 quarter-keys.
@ -310,34 +340,34 @@ static void aesni_setkey_enc_192( unsigned char *rk,
* On exit, xmm0 is r9:r8:r7:r6 and xmm1 is stuff:stuff:r11:r10
* and those are written to the round key buffer.
*/
"1: \n"
"pshufd $0x55, %%xmm2, %%xmm2 \n" // X:X:X:X
"pxor %%xmm0, %%xmm2 \n" // X+r3:X+r2:X+r1:r4
"pslldq $4, %%xmm0 \n" // etc
"pxor %%xmm0, %%xmm2 \n"
"pslldq $4, %%xmm0 \n"
"pxor %%xmm0, %%xmm2 \n"
"pslldq $4, %%xmm0 \n"
"pxor %%xmm2, %%xmm0 \n" // update xmm0 = r9:r8:r7:r6
"movdqu %%xmm0, (%0) \n"
"add $16, %0 \n"
"pshufd $0xff, %%xmm0, %%xmm2 \n" // r9:r9:r9:r9
"pxor %%xmm1, %%xmm2 \n" // stuff:stuff:r9+r5:r10
"pslldq $4, %%xmm1 \n" // r2:r1:r0:0
"pxor %%xmm2, %%xmm1 \n" // update xmm1 = stuff:stuff:r11:r10
"movq %%xmm1, (%0) \n"
"add $8, %0 \n"
"ret \n"
"1: \n\t"
"pshufd $0x55, %%xmm2, %%xmm2 \n\t" // X:X:X:X
"pxor %%xmm0, %%xmm2 \n\t" // X+r3:X+r2:X+r1:r4
"pslldq $4, %%xmm0 \n\t" // etc
"pxor %%xmm0, %%xmm2 \n\t"
"pslldq $4, %%xmm0 \n\t"
"pxor %%xmm0, %%xmm2 \n\t"
"pslldq $4, %%xmm0 \n\t"
"pxor %%xmm2, %%xmm0 \n\t" // update xmm0 = r9:r8:r7:r6
"movdqu %%xmm0, (%0) \n\t"
"add $16, %0 \n\t"
"pshufd $0xff, %%xmm0, %%xmm2 \n\t" // r9:r9:r9:r9
"pxor %%xmm1, %%xmm2 \n\t" // stuff:stuff:r9+r5:r10
"pslldq $4, %%xmm1 \n\t" // r2:r1:r0:0
"pxor %%xmm2, %%xmm1 \n\t" // xmm1 = stuff:stuff:r11:r10
"movq %%xmm1, (%0) \n\t"
"add $8, %0 \n\t"
"ret \n\t"
"2: \n"
"aeskeygenassist $0x01, %%xmm1, %%xmm2 \ncall 1b \n"
"aeskeygenassist $0x02, %%xmm1, %%xmm2 \ncall 1b \n"
"aeskeygenassist $0x04, %%xmm1, %%xmm2 \ncall 1b \n"
"aeskeygenassist $0x08, %%xmm1, %%xmm2 \ncall 1b \n"
"aeskeygenassist $0x10, %%xmm1, %%xmm2 \ncall 1b \n"
"aeskeygenassist $0x20, %%xmm1, %%xmm2 \ncall 1b \n"
"aeskeygenassist $0x40, %%xmm1, %%xmm2 \ncall 1b \n"
"aeskeygenassist $0x80, %%xmm1, %%xmm2 \ncall 1b \n"
"2: \n\t"
AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x80 \n\tcall 1b \n\t"
:
: "r" (rk), "r" (key)
@ -350,12 +380,12 @@ static void aesni_setkey_enc_192( unsigned char *rk,
static void aesni_setkey_enc_256( unsigned char *rk,
const unsigned char *key )
{
asm( "movdqu (%1), %%xmm0 \n"
"movdqu %%xmm0, (%0) \n"
"add $16, %0 \n"
"movdqu 16(%1), %%xmm1 \n"
"movdqu %%xmm1, (%0) \n"
"jmp 2f \n" // skip auxiliary routine
asm( "movdqu (%1), %%xmm0 \n\t"
"movdqu %%xmm0, (%0) \n\t"
"add $16, %0 \n\t"
"movdqu 16(%1), %%xmm1 \n\t"
"movdqu %%xmm1, (%0) \n\t"
"jmp 2f \n\t" // skip auxiliary routine
/*
* Finish generating the next two round keys.
@ -366,45 +396,45 @@ static void aesni_setkey_enc_256( unsigned char *rk,
* On exit, xmm0 is r11:r10:r9:r8 and xmm1 is r15:r14:r13:r12
* and those have been written to the output buffer.
*/
"1: \n"
"pshufd $0xff, %%xmm2, %%xmm2 \n"
"pxor %%xmm0, %%xmm2 \n"
"pslldq $4, %%xmm0 \n"
"pxor %%xmm0, %%xmm2 \n"
"pslldq $4, %%xmm0 \n"
"pxor %%xmm0, %%xmm2 \n"
"pslldq $4, %%xmm0 \n"
"pxor %%xmm2, %%xmm0 \n"
"add $16, %0 \n"
"movdqu %%xmm0, (%0) \n"
"1: \n\t"
"pshufd $0xff, %%xmm2, %%xmm2 \n\t"
"pxor %%xmm0, %%xmm2 \n\t"
"pslldq $4, %%xmm0 \n\t"
"pxor %%xmm0, %%xmm2 \n\t"
"pslldq $4, %%xmm0 \n\t"
"pxor %%xmm0, %%xmm2 \n\t"
"pslldq $4, %%xmm0 \n\t"
"pxor %%xmm2, %%xmm0 \n\t"
"add $16, %0 \n\t"
"movdqu %%xmm0, (%0) \n\t"
/* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 )
* and proceed to generate next round key from there */
"aeskeygenassist $0, %%xmm0, %%xmm2\n"
"pshufd $0xaa, %%xmm2, %%xmm2 \n"
"pxor %%xmm1, %%xmm2 \n"
"pslldq $4, %%xmm1 \n"
"pxor %%xmm1, %%xmm2 \n"
"pslldq $4, %%xmm1 \n"
"pxor %%xmm1, %%xmm2 \n"
"pslldq $4, %%xmm1 \n"
"pxor %%xmm2, %%xmm1 \n"
"add $16, %0 \n"
"movdqu %%xmm1, (%0) \n"
"ret \n"
AESKEYGENA xmm0_xmm2 ",0x00 \n\t"
"pshufd $0xaa, %%xmm2, %%xmm2 \n\t"
"pxor %%xmm1, %%xmm2 \n\t"
"pslldq $4, %%xmm1 \n\t"
"pxor %%xmm1, %%xmm2 \n\t"
"pslldq $4, %%xmm1 \n\t"
"pxor %%xmm1, %%xmm2 \n\t"
"pslldq $4, %%xmm1 \n\t"
"pxor %%xmm2, %%xmm1 \n\t"
"add $16, %0 \n\t"
"movdqu %%xmm1, (%0) \n\t"
"ret \n\t"
/*
* Main "loop" - Generating one more key than necessary,
* see definition of aes_context.buf
*/
"2: \n"
"aeskeygenassist $0x01, %%xmm1, %%xmm2 \ncall 1b \n"
"aeskeygenassist $0x02, %%xmm1, %%xmm2 \ncall 1b \n"
"aeskeygenassist $0x04, %%xmm1, %%xmm2 \ncall 1b \n"
"aeskeygenassist $0x08, %%xmm1, %%xmm2 \ncall 1b \n"
"aeskeygenassist $0x10, %%xmm1, %%xmm2 \ncall 1b \n"
"aeskeygenassist $0x20, %%xmm1, %%xmm2 \ncall 1b \n"
"aeskeygenassist $0x40, %%xmm1, %%xmm2 \ncall 1b \n"
"2: \n\t"
AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t"
AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t"
:
: "r" (rk), "r" (key)
: "memory", "cc", "0" );
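Review bot: The `\n` → `\n\t` rewrite leaked into two C comments in aesni_gcm_mult, which on the new side read `// e0'+f0'+g0' is almost e0+f0+g0, ex\tcept for some missing` and `// bits carried from d. Now get those\t bits back in.`; they sit outside the string literals so the assembler never sees them, but the stray `\t` should be removed. Separately, the three key-schedule routines still execute `call 1b` / `ret` inside the asm statement and advance the round-key pointer with `add $16, %0` on an operand declared input-only (`"r" (rk)`); GCC documents that an input operand must not be modified, and the `call` stores below the stack pointer, which on x86-64 SysV can overlap the 128-byte red zone the compiler may use in leaf functions. Declaring the pointer as an in/out operand (`: "+r" (rk) : "r" (key)`) addresses the first; whether the red zone is ever live here cannot be told from the hunk, so at minimum a comment at each asm block should record the assumption that it is not. aesni_setkey_enc_256's body continues past the last hunk.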


@ -1,7 +1,7 @@
/*
* An implementation of the ARCFOUR algorithm
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -28,18 +28,47 @@
* http://groups.google.com/group/sci.crypt/msg/10a300c9d21afca0
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_ARC4_C)
#include "polarssl/arc4.h"
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#endif
#if !defined(POLARSSL_ARC4_ALT)
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
void arc4_init( arc4_context *ctx )
{
memset( ctx, 0, sizeof( arc4_context ) );
}
void arc4_free( arc4_context *ctx )
{
if( ctx == NULL )
return;
polarssl_zeroize( ctx, sizeof( arc4_context ) );
}
/*
* ARC4 key schedule
*/
void arc4_setup( arc4_context *ctx, const unsigned char *key, unsigned int keylen )
void arc4_setup( arc4_context *ctx, const unsigned char *key,
unsigned int keylen )
{
int i, j, a;
unsigned int k;
@ -135,15 +164,17 @@ static const unsigned char arc4_test_ct[3][8] =
*/
int arc4_self_test( int verbose )
{
int i;
int i, ret = 0;
unsigned char ibuf[8];
unsigned char obuf[8];
arc4_context ctx;
arc4_init( &ctx );
for( i = 0; i < 3; i++ )
{
if( verbose != 0 )
printf( " ARC4 test #%d: ", i + 1 );
polarssl_printf( " ARC4 test #%d: ", i + 1 );
memcpy( ibuf, arc4_test_pt[i], 8 );
@ -153,21 +184,25 @@ int arc4_self_test( int verbose )
if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
ret = 1;
goto exit;
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
}
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
return( 0 );
exit:
arc4_free( &ctx );
return( ret );
}
#endif
#endif /* POLARSSL_SELF_TEST */
#endif
#endif /* POLARSSL_ARC4_C */
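Review bot: `arc4_free` and `polarssl_zeroize` land without a comment stating the contract the rest of the file now relies on: that the context holds key-derived state and must be scrubbed rather than left for the allocator, and that `arc4_free( NULL )` is a no-op. Suggest `/* Scrub the key-derived state; NULL-safe so callers can free unconditionally. */` above `arc4_free`. The same file-static `polarssl_zeroize` appears verbatim in bignum.c in this commit; a shared internal helper would keep the volatile-store idiom in one place if the project later wants to switch to `explicit_bzero`/`memset_s` on platforms that have them. `arc4_init` does not share `arc4_free`'s NULL check; if that asymmetry is deliberate (init on NULL is a caller bug), a one-line comment saying so avoids the question.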


@ -1,7 +1,7 @@
/*
* Generic ASN.1 parsing
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -23,7 +23,11 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_ASN1_PARSE_C)
@ -33,8 +37,8 @@
#include "polarssl/bignum.h"
#endif
#if defined(POLARSSL_MEMORY_C)
#include "polarssl/memory.h"
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_malloc malloc
#define polarssl_free free
@ -87,7 +91,8 @@ int asn1_get_len( unsigned char **p,
if( ( end - *p ) < 5 )
return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
*len = ( (*p)[1] << 24 ) | ( (*p)[2] << 16 ) | ( (*p)[3] << 8 ) | (*p)[4];
*len = ( (*p)[1] << 24 ) | ( (*p)[2] << 16 ) | ( (*p)[3] << 8 ) |
(*p)[4];
(*p) += 5;
break;
@ -189,7 +194,7 @@ int asn1_get_bitstring( unsigned char **p, const unsigned char *end,
return( ret );
/* Check length, subtract one for actual bit string length */
if ( bs->len < 1 )
if( bs->len < 1 )
return( POLARSSL_ERR_ASN1_OUT_OF_DATA );
bs->len -= 1;
@ -206,7 +211,7 @@ int asn1_get_bitstring( unsigned char **p, const unsigned char *end,
if( *p != end )
return( POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
return 0;
return( 0 );
}
/*
@ -260,7 +265,7 @@ int asn1_get_sequence_of( unsigned char **p,
*p += buf->len;
/* Allocate and assign next pointer */
if (*p < end)
if( *p < end )
{
cur->next = (asn1_sequence *) polarssl_malloc(
sizeof( asn1_sequence ) );
@ -383,4 +388,4 @@ asn1_named_data *asn1_find_named_data( asn1_named_data *list,
return( list );
}
#endif
#endif /* POLARSSL_ASN1_PARSE_C */
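Review bot: In the 5-byte length branch of asn1_get_len the reflowed expression still computes `( (*p)[1] << 24 )` on an `unsigned char` that has been promoted to `int`, so for a first length byte of 0x80 or above the shift lands in the sign bit — undefined behaviour in C, and in practice a negative `int` that widens to an enormous value if `*len` is a `size_t` on a 64-bit target. These bytes come straight from the DER buffer being parsed, so the widening should happen before the shift: `*len = ( (size_t) (*p)[1] << 24 ) | ( (size_t) (*p)[2] << 16 ) | ( (size_t) (*p)[3] << 8 ) | (*p)[4];`. The `( end - *p ) < 5` guard above only proves the length bytes exist, not that the decoded length fits the remaining input; asn1_get_len starts outside the hunk, so if it does not already compare `*len` against `end - *p` after the switch, that check belongs there too.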


@ -1,7 +1,7 @@
/*
* ASN.1 buffer writing functionality
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -23,14 +23,18 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_ASN1_WRITE_C)
#include "polarssl/asn1write.h"
#if defined(POLARSSL_MEMORY_C)
#include "polarssl/memory.h"
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#include <stdlib.h>
#define polarssl_malloc malloc
@ -109,12 +113,12 @@ int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X )
return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
(*p) -= len;
mpi_write_binary( X, *p, len );
MPI_CHK( mpi_write_binary( X, *p, len ) );
// DER format assumes 2s complement for numbers, so the leftmost bit
// should be 0 for positive numbers and 1 for negative numbers.
//
if ( X->s ==1 && **p & 0x80 )
if( X->s ==1 && **p & 0x80 )
{
if( *p - start < 1 )
return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
@ -126,7 +130,10 @@ int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X )
ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_INTEGER ) );
return( (int) len );
ret = (int) len;
cleanup:
return( ret );
}
#endif /* POLARSSL_BIGNUM_C */
@ -210,7 +217,7 @@ int asn1_write_int( unsigned char **p, unsigned char *start, int val )
len += 1;
*--(*p) = val;
if ( val > 0 && **p & 0x80 )
if( val > 0 && **p & 0x80 )
{
if( *p - start < 1 )
return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
@ -356,4 +363,4 @@ asn1_named_data *asn1_store_named_data( asn1_named_data **head,
return( cur );
}
#endif
#endif /* POLARSSL_ASN1_WRITE_C */
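Review bot: asn1_write_mpi now mixes two error conventions in one body: the new `MPI_CHK( mpi_write_binary( X, *p, len ) )` jumps to `cleanup` with `ret` set, while the `POLARSSL_ERR_ASN1_BUF_TOO_SMALL` check a few lines below still does `return( ... )` directly, and `ASN1_CHK_ADD` in the same function returns on its own as well. Nothing leaks today because `cleanup` only returns, but the split means anything acquired before the `MPI_CHK` line in a future change is released on one path and not the other; routing the remaining early exits through the label (`{ ret = POLARSSL_ERR_ASN1_BUF_TOO_SMALL; goto cleanup; }`) keeps the function single-exit. While here, `if( X->s ==1 && **p & 0x80 )` keeps the `==1` spacing and relies on `&` binding tighter than `&&`; `if( X->s == 1 && ( **p & 0x80 ) )` reads unambiguously. The function's declarations, including `ret`, are outside the hunk.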


@ -1,7 +1,7 @@
/*
* RFC 1521 base64 encoding/decoding
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -23,7 +23,11 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_BASE64_C)
@ -36,6 +40,12 @@ typedef UINT32 uint32_t;
#include <inttypes.h>
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#endif
static const unsigned char base64_enc_map[64] =
{
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
@ -77,9 +87,9 @@ int base64_encode( unsigned char *dst, size_t *dlen,
if( slen == 0 )
return( 0 );
n = (slen << 3) / 6;
n = ( slen << 3 ) / 6;
switch( (slen << 3) - (n * 6) )
switch( ( slen << 3 ) - ( n * 6 ) )
{
case 2: n += 3; break;
case 4: n += 2; break;
@ -92,7 +102,7 @@ int base64_encode( unsigned char *dst, size_t *dlen,
return( POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL );
}
n = (slen / 3) * 3;
n = ( slen / 3 ) * 3;
for( i = 0, p = dst; i < n; i += 3 )
{
@ -109,12 +119,12 @@ int base64_encode( unsigned char *dst, size_t *dlen,
if( i < slen )
{
C1 = *src++;
C2 = ((i + 1) < slen) ? *src++ : 0;
C2 = ( ( i + 1 ) < slen ) ? *src++ : 0;
*p++ = base64_enc_map[(C1 >> 2) & 0x3F];
*p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
if( (i + 1) < slen )
if( ( i + 1 ) < slen )
*p++ = base64_enc_map[((C2 & 15) << 2) & 0x3F];
else *p++ = '=';
@ -161,7 +171,8 @@ int base64_decode( unsigned char *dst, size_t *dlen,
if( n == 0 )
return( 0 );
n = ((n * 6) + 7) >> 3;
n = ( ( n * 6 ) + 7 ) >> 3;
n -= j;
if( dst == NULL || *dlen < n )
{
@ -175,7 +186,7 @@ int base64_decode( unsigned char *dst, size_t *dlen,
continue;
j -= ( base64_dec_map[*src] == 64 );
x = (x << 6) | ( base64_dec_map[*src] & 0x3F );
x = ( x << 6 ) | ( base64_dec_map[*src] & 0x3F );
if( ++n == 4 )
{
@ -222,7 +233,7 @@ int base64_self_test( int verbose )
unsigned char buffer[128];
if( verbose != 0 )
printf( " Base64 encoding test: " );
polarssl_printf( " Base64 encoding test: " );
len = sizeof( buffer );
src = base64_test_dec;
@ -231,13 +242,13 @@ int base64_self_test( int verbose )
memcmp( base64_test_enc, buffer, 88 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n Base64 decoding test: " );
polarssl_printf( "passed\n Base64 decoding test: " );
len = sizeof( buffer );
src = base64_test_enc;
@ -246,17 +257,17 @@ int base64_self_test( int verbose )
memcmp( base64_test_dec, buffer, 64 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n\n" );
polarssl_printf( "passed\n\n" );
return( 0 );
}
#endif
#endif /* POLARSSL_SELF_TEST */
#endif
#endif /* POLARSSL_BASE64_C */
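Review bot: In base64_encode the reflowed `n = ( slen << 3 ) / 6;` still wraps when `slen` exceeds `SIZE_MAX / 8` (assuming `n` and `slen` are `size_t`, as the `*dlen < n` comparison suggests), so the buffer-size check that follows can accept an output buffer far smaller than the encoder then writes into. That expression together with the `switch` below is just ceil( slen / 3 ) * 4, which can be computed without the shift and with an explicit overflow guard as sketched below; the `switch` on `( slen << 3 ) - ( n * 6 )` then goes away. `SIZE_MAX` comes from `<stdint.h>`, which the `<inttypes.h>` branch above already pulls in; the `UINT32` fallback branch may need its own equivalent. The rest of base64_encode lies outside the hunk.
```c
    if( slen == 0 )
        return( 0 );

    /* n = ceil( slen / 3 ) * 4, computed without the overflowing shift */
    n = slen / 3 + ( slen % 3 != 0 );
    if( n > SIZE_MAX / 4 )
        return( POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL );
    n *= 4;

    /* … unchanged: *dlen < n check, then the encoding loop … */
```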


@ -1,7 +1,7 @@
/*
* Multi-precision integer library
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -30,22 +30,32 @@
* http://math.libtomcrypt.com/files/tommath.pdf
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_BIGNUM_C)
#include "polarssl/bignum.h"
#include "polarssl/bn_mul.h"
#if defined(POLARSSL_MEMORY_C)
#include "polarssl/memory.h"
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#define polarssl_malloc malloc
#define polarssl_free free
#endif
#include <stdlib.h>
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#define ciL (sizeof(t_uint)) /* chars in limb */
#define biL (ciL << 3) /* bits in limb */
#define biH (ciL << 2) /* half limb size */
@ -79,7 +89,7 @@ void mpi_free( mpi *X )
if( X->p != NULL )
{
memset( X->p, 0, X->n * ciL );
polarssl_zeroize( X->p, X->n * ciL );
polarssl_free( X->p );
}
@ -108,7 +118,7 @@ int mpi_grow( mpi *X, size_t nblimbs )
if( X->p != NULL )
{
memcpy( p, X->p, X->n * ciL );
memset( X->p, 0, X->n * ciL );
polarssl_zeroize( X->p, X->n * ciL );
polarssl_free( X->p );
}
@ -148,7 +158,7 @@ int mpi_shrink( mpi *X, size_t nblimbs )
if( X->p != NULL )
{
memcpy( p, X->p, i * ciL );
memset( X->p, 0, X->n * ciL );
polarssl_zeroize( X->p, X->n * ciL );
polarssl_free( X->p );
}
@ -219,13 +229,13 @@ int mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign )
MPI_CHK( mpi_grow( X, Y->n ) );
X->s = X->s * (1 - assign) + Y->s * assign;
X->s = X->s * ( 1 - assign ) + Y->s * assign;
for( i = 0; i < Y->n; i++ )
X->p[i] = X->p[i] * (1 - assign) + Y->p[i] * assign;
X->p[i] = X->p[i] * ( 1 - assign ) + Y->p[i] * assign;
for( ; i < X->n; i++ )
X->p[i] *= (1 - assign);
X->p[i] *= ( 1 - assign );
cleanup:
return( ret );
@ -253,15 +263,15 @@ int mpi_safe_cond_swap( mpi *X, mpi *Y, unsigned char swap )
MPI_CHK( mpi_grow( Y, X->n ) );
s = X->s;
X->s = X->s * (1 - swap) + Y->s * swap;
Y->s = Y->s * (1 - swap) + s * swap;
X->s = X->s * ( 1 - swap ) + Y->s * swap;
Y->s = Y->s * ( 1 - swap ) + s * swap;
for( i = 0; i < X->n; i++ )
{
tmp = X->p[i];
X->p[i] = X->p[i] * (1 - swap) + Y->p[i] * swap;
Y->p[i] = Y->p[i] * (1 - swap) + tmp * swap;
X->p[i] = X->p[i] * ( 1 - swap ) + Y->p[i] * swap;
Y->p[i] = Y->p[i] * ( 1 - swap ) + tmp * swap;
}
cleanup:
@ -294,7 +304,7 @@ int mpi_get_bit( const mpi *X, size_t pos )
if( X->n * biL <= pos )
return( 0 );
return ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01;
return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 );
}
/*
@ -307,12 +317,12 @@ int mpi_set_bit( mpi *X, size_t pos, unsigned char val )
size_t idx = pos % biL;
if( val != 0 && val != 1 )
return POLARSSL_ERR_MPI_BAD_INPUT_DATA;
return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );
if( X->n * biL <= pos )
{
if( val == 0 )
return ( 0 );
return( 0 );
MPI_CHK( mpi_grow( X, off + 1 ) );
}
@ -416,7 +426,7 @@ int mpi_read_string( mpi *X, int radix, const char *s )
}
MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) );
X->p[j / (2 * ciL)] |= d << ( (j % (2 * ciL)) << 2 );
X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 );
}
}
else
@ -520,7 +530,7 @@ int mpi_write_string( const mpi *X, int radix, char *s, size_t *slen )
{
c = ( X->p[i - 1] >> ( ( j - 1 ) << 3) ) & 0xFF;
if( c == 0 && k == 0 && ( i + j + 3 ) != 0 )
if( c == 0 && k == 0 && ( i + j ) != 2 )
continue;
*(p++) = "0123456789ABCDEF" [c / 16];
@ -616,7 +626,7 @@ int mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout )
return( POLARSSL_ERR_MPI_FILE_IO_ERROR );
}
else
printf( "%s%s", p, s );
polarssl_printf( "%s%s", p, s );
cleanup:
@ -1078,7 +1088,7 @@ void mpi_mul_hlp( size_t i, t_uint *s, t_uint *d, t_uint b )
MULADDC_CORE
MULADDC_STOP
}
#else
#else /* MULADDC_HUIT */
for( ; i >= 16; i -= 16 )
{
MULADDC_INIT
@ -1111,7 +1121,7 @@ void mpi_mul_hlp( size_t i, t_uint *s, t_uint *d, t_uint b )
MULADDC_CORE
MULADDC_STOP
}
#endif
#endif /* MULADDC_HUIT */
t++;
@ -1216,14 +1226,14 @@ int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B )
n = X.n - 1;
t = Y.n - 1;
MPI_CHK( mpi_shift_l( &Y, biL * (n - t) ) );
MPI_CHK( mpi_shift_l( &Y, biL * ( n - t ) ) );
while( mpi_cmp_mpi( &X, &Y ) >= 0 )
{
Z.p[n - t]++;
MPI_CHK( mpi_sub_mpi( &X, &X, &Y ) );
}
MPI_CHK( mpi_shift_r( &Y, biL * (n - t) ) );
MPI_CHK( mpi_shift_r( &Y, biL * ( n - t ) ) );
for( i = n; i > t ; i-- )
{
@ -1231,14 +1241,24 @@ int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B )
Z.p[i - t - 1] = ~0;
else
{
#if defined(POLARSSL_HAVE_UDBL)
/*
* The version of Clang shipped by Apple with Mavericks around
* 2014-03 can't handle 128-bit division properly. Disable
* 128-bits division for this version. Let's be optimistic and
* assume it'll be fixed in the next minor version (next
* patchlevel is probably a bit too optimistic).
*/
#if defined(POLARSSL_HAVE_UDBL) && \
! ( defined(__x86_64__) && defined(__APPLE__) && \
defined(__clang_major__) && __clang_major__ == 5 && \
defined(__clang_minor__) && __clang_minor__ == 0 )
t_udbl r;
r = (t_udbl) X.p[i] << biL;
r |= (t_udbl) X.p[i - 1];
r /= Y.p[t];
if( r > ((t_udbl) 1 << biL) - 1)
r = ((t_udbl) 1 << biL) - 1;
if( r > ( (t_udbl) 1 << biL ) - 1 )
r = ( (t_udbl) 1 << biL ) - 1;
Z.p[i - t - 1] = (t_uint) r;
#else
@ -1281,7 +1301,7 @@ int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B )
r0 -= m;
Z.p[i - t - 1] = ( q1 << biH ) | q0;
#endif
#endif /* POLARSSL_HAVE_UDBL && !64-bit Apple with Clang 5.0 */
}
Z.p[i - t - 1]++;
@ -1290,25 +1310,25 @@ int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B )
Z.p[i - t - 1]--;
MPI_CHK( mpi_lset( &T1, 0 ) );
T1.p[0] = (t < 1) ? 0 : Y.p[t - 1];
T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1];
T1.p[1] = Y.p[t];
MPI_CHK( mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) );
MPI_CHK( mpi_lset( &T2, 0 ) );
T2.p[0] = (i < 2) ? 0 : X.p[i - 2];
T2.p[1] = (i < 1) ? 0 : X.p[i - 1];
T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2];
T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1];
T2.p[2] = X.p[i];
}
while( mpi_cmp_mpi( &T1, &T2 ) > 0 );
MPI_CHK( mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) );
MPI_CHK( mpi_shift_l( &T1, biL * (i - t - 1) ) );
MPI_CHK( mpi_shift_l( &T1, biL * ( i - t - 1 ) ) );
MPI_CHK( mpi_sub_mpi( &X, &X, &T1 ) );
if( mpi_cmp_int( &X, 0 ) < 0 )
{
MPI_CHK( mpi_copy( &T1, &Y ) );
MPI_CHK( mpi_shift_l( &T1, biL * (i - t - 1) ) );
MPI_CHK( mpi_shift_l( &T1, biL * ( i - t - 1 ) ) );
MPI_CHK( mpi_add_mpi( &X, &X, &T1 ) );
Z.p[i - t - 1]--;
}
@ -1362,7 +1382,7 @@ int mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B )
int ret;
if( mpi_cmp_int( B, 0 ) < 0 )
return POLARSSL_ERR_MPI_NEGATIVE_VALUE;
return( POLARSSL_ERR_MPI_NEGATIVE_VALUE );
MPI_CHK( mpi_div_mpi( NULL, R, A, B ) );
@ -1389,7 +1409,7 @@ int mpi_mod_int( t_uint *r, const mpi *A, t_sint b )
return( POLARSSL_ERR_MPI_DIVISION_BY_ZERO );
if( b < 0 )
return POLARSSL_ERR_MPI_NEGATIVE_VALUE;
return( POLARSSL_ERR_MPI_NEGATIVE_VALUE );
/*
* handle trivial cases
@ -1440,14 +1460,13 @@ int mpi_mod_int( t_uint *r, const mpi *A, t_sint b )
static void mpi_montg_init( t_uint *mm, const mpi *N )
{
t_uint x, m0 = N->p[0];
unsigned int i;
x = m0;
x += ( ( m0 + 2 ) & 4 ) << 1;
x *= ( 2 - ( m0 * x ) );
if( biL >= 16 ) x *= ( 2 - ( m0 * x ) );
if( biL >= 32 ) x *= ( 2 - ( m0 * x ) );
if( biL >= 64 ) x *= ( 2 - ( m0 * x ) );
for( i = biL; i >= 8; i /= 2 )
x *= ( 2 - ( m0 * x ) );
*mm = ~x + 1;
}
@ -1455,7 +1474,8 @@ static void mpi_montg_init( t_uint *mm, const mpi *N )
/*
* Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36)
*/
static void mpi_montmul( mpi *A, const mpi *B, const mpi *N, t_uint mm, const mpi *T )
static void mpi_montmul( mpi *A, const mpi *B, const mpi *N, t_uint mm,
const mpi *T )
{
size_t i, n, m;
t_uint u0, u1, *d;
@ -1480,7 +1500,7 @@ static void mpi_montmul( mpi *A, const mpi *B, const mpi *N, t_uint mm, const mp
*d++ = u0; d[n + 1] = 0;
}
memcpy( A->p, d, (n + 1) * ciL );
memcpy( A->p, d, ( n + 1 ) * ciL );
if( mpi_cmp_abs( A, N ) >= 0 )
mpi_sub_hlp( n, N->p, A->p );
@ -1590,7 +1610,7 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR )
/*
* W[1 << (wsize - 1)] = W[1] ^ (wsize - 1)
*/
j = one << (wsize - 1);
j = one << ( wsize - 1 );
MPI_CHK( mpi_grow( &W[j], N->n + 1 ) );
MPI_CHK( mpi_copy( &W[j], &W[1] ) );
@ -1601,7 +1621,7 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR )
/*
* W[i] = W[i - 1] * W[1]
*/
for( i = j + 1; i < (one << wsize); i++ )
for( i = j + 1; i < ( one << wsize ); i++ )
{
MPI_CHK( mpi_grow( &W[i], N->n + 1 ) );
MPI_CHK( mpi_copy( &W[i], &W[i - 1] ) );
@ -1653,7 +1673,7 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR )
state = 2;
nbits++;
wbits |= (ei << (wsize - nbits));
wbits |= ( ei << ( wsize - nbits ) );
if( nbits == wsize )
{
@ -1683,7 +1703,7 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR )
wbits <<= 1;
if( (wbits & (one << wsize)) != 0 )
if( ( wbits & ( one << wsize ) ) != 0 )
mpi_montmul( X, &W[1], N, mm, &T );
}
@ -1700,12 +1720,12 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR )
cleanup:
for( i = (one << (wsize - 1)); i < (one << wsize); i++ )
for( i = ( one << ( wsize - 1 ) ); i < ( one << wsize ); i++ )
mpi_free( &W[i] );
mpi_free( &W[1] ); mpi_free( &T ); mpi_free( &Apos );
if( _RR == NULL )
if( _RR == NULL || _RR->p == NULL )
mpi_free( &RR );
return( ret );
@ -1728,7 +1748,7 @@ int mpi_gcd( mpi *G, const mpi *A, const mpi *B )
lz = mpi_lsb( &TA );
lzt = mpi_lsb( &TB );
if ( lzt < lz )
if( lzt < lz )
lz = lzt;
MPI_CHK( mpi_shift_r( &TA, lz ) );
@ -1763,16 +1783,25 @@ cleanup:
return( ret );
}
/*
* Fill X with size bytes of random.
*
* Use a temporary bytes representation to make sure the result is the same
* regardless of the platform endianness (useful when f_rng is actually
* deterministic, eg for tests).
*/
int mpi_fill_random( mpi *X, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
unsigned char buf[POLARSSL_MPI_MAX_SIZE];
MPI_CHK( mpi_grow( X, CHARS_TO_LIMBS( size ) ) );
MPI_CHK( mpi_lset( X, 0 ) );
if( size > POLARSSL_MPI_MAX_SIZE )
return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );
MPI_CHK( f_rng( p_rng, (unsigned char *) X->p, size ) );
MPI_CHK( f_rng( p_rng, buf, size ) );
MPI_CHK( mpi_read_binary( X, buf, size ) );
cleanup:
return( ret );
@ -2189,19 +2218,19 @@ int mpi_self_test( int verbose )
"30879B56C61DE584A0F53A2447A51E" ) );
if( verbose != 0 )
printf( " MPI test #1 (mul_mpi): " );
polarssl_printf( " MPI test #1 (mul_mpi): " );
if( mpi_cmp_mpi( &X, &U ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
ret = 1;
goto cleanup;
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
MPI_CHK( mpi_div_mpi( &X, &Y, &A, &N ) );
@ -2214,20 +2243,20 @@ int mpi_self_test( int verbose )
"9EE50D0657C77F374E903CDFA4C642" ) );
if( verbose != 0 )
printf( " MPI test #2 (div_mpi): " );
polarssl_printf( " MPI test #2 (div_mpi): " );
if( mpi_cmp_mpi( &X, &U ) != 0 ||
mpi_cmp_mpi( &Y, &V ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
ret = 1;
goto cleanup;
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
MPI_CHK( mpi_exp_mod( &X, &A, &E, &N, NULL ) );
@ -2237,19 +2266,19 @@ int mpi_self_test( int verbose )
"325D24D6A3C12710F10A09FA08AB87" ) );
if( verbose != 0 )
printf( " MPI test #3 (exp_mod): " );
polarssl_printf( " MPI test #3 (exp_mod): " );
if( mpi_cmp_mpi( &X, &U ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
ret = 1;
goto cleanup;
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
MPI_CHK( mpi_inv_mod( &X, &A, &N ) );
@ -2259,24 +2288,24 @@ int mpi_self_test( int verbose )
"C5B8A74DAC4D09E03B5E0BE779F2DF61" ) );
if( verbose != 0 )
printf( " MPI test #4 (inv_mod): " );
polarssl_printf( " MPI test #4 (inv_mod): " );
if( mpi_cmp_mpi( &X, &U ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
ret = 1;
goto cleanup;
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
if( verbose != 0 )
printf( " MPI test #5 (simple gcd): " );
polarssl_printf( " MPI test #5 (simple gcd): " );
for ( i = 0; i < GCD_PAIR_COUNT; i++)
for( i = 0; i < GCD_PAIR_COUNT; i++ )
{
MPI_CHK( mpi_lset( &X, gcd_pairs[i][0] ) );
MPI_CHK( mpi_lset( &Y, gcd_pairs[i][1] ) );
@ -2286,7 +2315,7 @@ int mpi_self_test( int verbose )
if( mpi_cmp_int( &A, gcd_pairs[i][2] ) != 0 )
{
if( verbose != 0 )
printf( "failed at %d\n", i );
polarssl_printf( "failed at %d\n", i );
ret = 1;
goto cleanup;
@ -2294,22 +2323,22 @@ int mpi_self_test( int verbose )
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
cleanup:
if( ret != 0 && verbose != 0 )
printf( "Unexpected error, return code = %08X\n", ret );
polarssl_printf( "Unexpected error, return code = %08X\n", ret );
mpi_free( &A ); mpi_free( &E ); mpi_free( &N ); mpi_free( &X );
mpi_free( &Y ); mpi_free( &U ); mpi_free( &V );
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
return( ret );
}
#endif
#endif /* POLARSSL_SELF_TEST */
#endif
#endif /* POLARSSL_BIGNUM_C */


@ -1,7 +1,7 @@
/*
* Blowfish implementation
*
* Copyright (C) 2012-2013, Brainspark B.V.
* Copyright (C) 2012-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -29,7 +29,11 @@
*
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_BLOWFISH_C)
@ -37,6 +41,11 @@
#if !defined(POLARSSL_BLOWFISH_ALT)
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/*
* 32-bit integer manipulation macros (big endian)
*/
@ -71,7 +80,7 @@ static const uint32_t P[BLOWFISH_ROUNDS + 2] = {
/* declarations of data at the end of this file */
static const uint32_t S[4][256];
static uint32_t F(blowfish_context *ctx, uint32_t x)
static uint32_t F( blowfish_context *ctx, uint32_t x )
{
unsigned short a, b, c, d;
uint32_t y;
@ -87,10 +96,10 @@ static uint32_t F(blowfish_context *ctx, uint32_t x)
y = y ^ ctx->S[2][c];
y = y + ctx->S[3][d];
return y;
return( y );
}
static void blowfish_enc(blowfish_context *ctx, uint32_t *xl, uint32_t *xr)
static void blowfish_enc( blowfish_context *ctx, uint32_t *xl, uint32_t *xr )
{
uint32_t Xl, Xr, temp;
short i;
@ -98,10 +107,10 @@ static void blowfish_enc(blowfish_context *ctx, uint32_t *xl, uint32_t *xr)
Xl = *xl;
Xr = *xr;
for (i = 0; i < BLOWFISH_ROUNDS; ++i)
for( i = 0; i < BLOWFISH_ROUNDS; ++i )
{
Xl = Xl ^ ctx->P[i];
Xr = F(ctx, Xl) ^ Xr;
Xr = F( ctx, Xl ) ^ Xr;
temp = Xl;
Xl = Xr;
@ -119,7 +128,7 @@ static void blowfish_enc(blowfish_context *ctx, uint32_t *xl, uint32_t *xr)
*xr = Xr;
}
static void blowfish_dec(blowfish_context *ctx, uint32_t *xl, uint32_t *xr)
static void blowfish_dec( blowfish_context *ctx, uint32_t *xl, uint32_t *xr )
{
uint32_t Xl, Xr, temp;
short i;
@ -127,10 +136,10 @@ static void blowfish_dec(blowfish_context *ctx, uint32_t *xl, uint32_t *xr)
Xl = *xl;
Xr = *xr;
for (i = BLOWFISH_ROUNDS + 1; i > 1; --i)
for( i = BLOWFISH_ROUNDS + 1; i > 1; --i )
{
Xl = Xl ^ ctx->P[i];
Xr = F(ctx, Xl) ^ Xr;
Xr = F( ctx, Xl ) ^ Xr;
temp = Xl;
Xl = Xr;
@ -148,10 +157,24 @@ static void blowfish_dec(blowfish_context *ctx, uint32_t *xl, uint32_t *xr)
*xr = Xr;
}
void blowfish_init( blowfish_context *ctx )
{
memset( ctx, 0, sizeof( blowfish_context ) );
}
void blowfish_free( blowfish_context *ctx )
{
if( ctx == NULL )
return;
polarssl_zeroize( ctx, sizeof( blowfish_context ) );
}
/*
* Blowfish key schedule
*/
int blowfish_setkey( blowfish_context *ctx, const unsigned char *key, unsigned int keysize )
int blowfish_setkey( blowfish_context *ctx, const unsigned char *key,
unsigned int keysize )
{
unsigned int i, j, k;
uint32_t data, datal, datar;
@ -159,7 +182,7 @@ int blowfish_setkey( blowfish_context *ctx, const unsigned char *key, unsigned i
if( keysize < BLOWFISH_MIN_KEY || keysize > BLOWFISH_MAX_KEY ||
( keysize % 8 ) )
{
return POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH;
return( POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH );
}
keysize >>= 3;
@ -220,11 +243,11 @@ int blowfish_crypt_ecb( blowfish_context *ctx,
if( mode == BLOWFISH_DECRYPT )
{
blowfish_dec(ctx, &X0, &X1);
blowfish_dec( ctx, &X0, &X1 );
}
else /* BLOWFISH_ENCRYPT */
{
blowfish_enc(ctx, &X0, &X1);
blowfish_enc( ctx, &X0, &X1 );
}
PUT_UINT32_BE( X0, output, 0 );
@ -313,7 +336,7 @@ int blowfish_crypt_cfb64( blowfish_context *ctx,
*output++ = (unsigned char)( c ^ iv[n] );
iv[n] = (unsigned char) c;
n = (n + 1) % BLOWFISH_BLOCKSIZE;
n = ( n + 1 ) % BLOWFISH_BLOCKSIZE;
}
}
else
@ -325,7 +348,7 @@ int blowfish_crypt_cfb64( blowfish_context *ctx,
iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
n = (n + 1) % BLOWFISH_BLOCKSIZE;
n = ( n + 1 ) % BLOWFISH_BLOCKSIZE;
}
}
@ -353,7 +376,8 @@ int blowfish_crypt_ctr( blowfish_context *ctx,
while( length-- )
{
if( n == 0 ) {
blowfish_crypt_ecb( ctx, BLOWFISH_ENCRYPT, nonce_counter, stream_block );
blowfish_crypt_ecb( ctx, BLOWFISH_ENCRYPT, nonce_counter,
stream_block );
for( i = BLOWFISH_BLOCKSIZE; i > 0; i-- )
if( ++nonce_counter[i - 1] != 0 )
@ -362,7 +386,7 @@ int blowfish_crypt_ctr( blowfish_context *ctx,
c = *input++;
*output++ = (unsigned char)( c ^ stream_block[n] );
n = (n + 1) % BLOWFISH_BLOCKSIZE;
n = ( n + 1 ) % BLOWFISH_BLOCKSIZE;
}
*nc_off = n;
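Review bot: The new blowfish_init and blowfish_free are the only public functions in this file without a header comment, and they differ in NULL handling: blowfish_free returns early on `ctx == NULL` while blowfish_init passes ctx straight to memset. Either document that contract or make the two symmetric. The ccm.c file added in the same commit uses `/* Initialize context */` and `/* Free context */` headers, so the same two one-line comments would fit here, with blowfish_free's comment noting that a NULL ctx is accepted and that the context is wiped with polarssl_zeroize rather than plain memset so the expanded key schedule is not left in memory after use.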


@ -1,7 +1,7 @@
/*
* Camellia implementation
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -29,14 +29,29 @@
* http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_CAMELLIA_C)
#include "polarssl/camellia.h"
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#endif
#if !defined(POLARSSL_CAMELLIA_ALT)
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/*
* 32-bit integer manipulation macros (big endian)
*/
@ -97,7 +112,7 @@ static const unsigned char FSb[256] =
#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
#else
#else /* POLARSSL_CAMELLIA_SMALL_MEMORY */
static const unsigned char FSb[256] =
{
@ -184,7 +199,7 @@ static const unsigned char FSb4[256] =
#define SBOX3(n) FSb3[(n)]
#define SBOX4(n) FSb4[(n)]
#endif
#endif /* POLARSSL_CAMELLIA_SMALL_MEMORY */
static const unsigned char shifts[2][4][4] =
{
@ -272,17 +287,18 @@ static const signed char transposes[2][20] =
TK[2] = KC[(OFFSET) * 4 + 2]; \
TK[3] = KC[(OFFSET) * 4 + 3]; \
\
for ( i = 1; i <= 4; i++ ) \
if (shifts[(INDEX)][(OFFSET)][i -1]) \
ROTL(TK + i * 4, TK, (15 * i) % 32); \
for( i = 1; i <= 4; i++ ) \
if( shifts[(INDEX)][(OFFSET)][i -1] ) \
ROTL(TK + i * 4, TK, ( 15 * i ) % 32); \
\
for ( i = 0; i < 20; i++ ) \
if (indexes[(INDEX)][(OFFSET)][i] != -1) { \
for( i = 0; i < 20; i++ ) \
if( indexes[(INDEX)][(OFFSET)][i] != -1 ) { \
RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ]; \
} \
}
static void camellia_feistel(const uint32_t x[2], const uint32_t k[2], uint32_t z[2])
static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
uint32_t z[2])
{
uint32_t I0, I1;
I0 = x[0] ^ k[0];
@ -306,10 +322,24 @@ static void camellia_feistel(const uint32_t x[2], const uint32_t k[2], uint32_t
z[1] ^= I0;
}
void camellia_init( camellia_context *ctx )
{
memset( ctx, 0, sizeof( camellia_context ) );
}
void camellia_free( camellia_context *ctx )
{
if( ctx == NULL )
return;
polarssl_zeroize( ctx, sizeof( camellia_context ) );
}
/*
* Camellia key schedule (encryption)
*/
int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, unsigned int keysize )
int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key,
unsigned int keysize )
{
int idx;
size_t i;
@ -321,8 +351,8 @@ int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, unsign
RK = ctx->rk;
memset(t, 0, 64);
memset(RK, 0, sizeof(ctx->rk));
memset( t, 0, 64 );
memset( RK, 0, sizeof(ctx->rk) );
switch( keysize )
{
@ -332,52 +362,52 @@ int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, unsign
default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
}
for( i = 0; i < keysize / 8; ++i)
for( i = 0; i < keysize / 8; ++i )
t[i] = key[i];
if (keysize == 192) {
for (i = 0; i < 8; i++)
if( keysize == 192 ) {
for( i = 0; i < 8; i++ )
t[24 + i] = ~t[16 + i];
}
/*
* Prepare SIGMA values
*/
for (i = 0; i < 6; i++) {
GET_UINT32_BE(SIGMA[i][0], SIGMA_CHARS[i], 0);
GET_UINT32_BE(SIGMA[i][1], SIGMA_CHARS[i], 4);
for( i = 0; i < 6; i++ ) {
GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 );
GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 );
}
/*
* Key storage in KC
* Order: KL, KR, KA, KB
*/
memset(KC, 0, sizeof(KC));
memset( KC, 0, sizeof(KC) );
/* Store KL, KR */
for (i = 0; i < 8; i++)
GET_UINT32_BE(KC[i], t, i * 4);
for( i = 0; i < 8; i++ )
GET_UINT32_BE( KC[i], t, i * 4 );
/* Generate KA */
for( i = 0; i < 4; ++i)
for( i = 0; i < 4; ++i )
KC[8 + i] = KC[i] ^ KC[4 + i];
camellia_feistel(KC + 8, SIGMA[0], KC + 10);
camellia_feistel(KC + 10, SIGMA[1], KC + 8);
camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
for( i = 0; i < 4; ++i)
for( i = 0; i < 4; ++i )
KC[8 + i] ^= KC[i];
camellia_feistel(KC + 8, SIGMA[2], KC + 10);
camellia_feistel(KC + 10, SIGMA[3], KC + 8);
camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
if (keysize > 128) {
if( keysize > 128 ) {
/* Generate KB */
for( i = 0; i < 4; ++i)
for( i = 0; i < 4; ++i )
KC[12 + i] = KC[4 + i] ^ KC[8 + i];
camellia_feistel(KC + 12, SIGMA[4], KC + 14);
camellia_feistel(KC + 14, SIGMA[5], KC + 12);
camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
}
/*
@ -385,24 +415,24 @@ int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, unsign
*/
/* Manipulating KL */
SHIFT_AND_PLACE(idx, 0);
SHIFT_AND_PLACE( idx, 0 );
/* Manipulating KR */
if (keysize > 128) {
SHIFT_AND_PLACE(idx, 1);
if( keysize > 128 ) {
SHIFT_AND_PLACE( idx, 1 );
}
/* Manipulating KA */
SHIFT_AND_PLACE(idx, 2);
SHIFT_AND_PLACE( idx, 2 );
/* Manipulating KB */
if (keysize > 128) {
SHIFT_AND_PLACE(idx, 3);
if( keysize > 128 ) {
SHIFT_AND_PLACE( idx, 3 );
}
/* Do transpositions */
for ( i = 0; i < 20; i++ ) {
if (transposes[idx][i] != -1) {
for( i = 0; i < 20; i++ ) {
if( transposes[idx][i] != -1 ) {
RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
}
}
@ -413,29 +443,25 @@ int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, unsign
/*
* Camellia key schedule (decryption)
*/
int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, unsigned int keysize )
int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key,
unsigned int keysize )
{
int idx;
int idx, ret;
size_t i;
camellia_context cty;
uint32_t *RK;
uint32_t *SK;
int ret;
switch( keysize )
{
case 128: ctx->nr = 3; idx = 0; break;
case 192:
case 256: ctx->nr = 4; idx = 1; break;
default : return( POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH );
}
camellia_init( &cty );
/* Also checks keysize */
if( ( ret = camellia_setkey_enc( &cty, key, keysize ) ) )
goto exit;
ctx->nr = cty.nr;
idx = ( ctx->nr == 4 );
RK = ctx->rk;
ret = camellia_setkey_enc(&cty, key, keysize);
if( ret != 0 )
return( ret );
SK = cty.rk + 24 * 2 + 8 * idx * 2;
*RK++ = *SK++;
@ -443,7 +469,7 @@ int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, unsign
*RK++ = *SK++;
*RK++ = *SK++;
for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4)
for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
{
*RK++ = *SK++;
*RK++ = *SK++;
@ -456,9 +482,10 @@ int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, unsign
*RK++ = *SK++;
*RK++ = *SK++;
memset( &cty, 0, sizeof( camellia_context ) );
exit:
camellia_free( &cty );
return( 0 );
return( ret );
}
/*
@ -487,22 +514,22 @@ int camellia_crypt_ecb( camellia_context *ctx,
X[2] ^= *RK++;
X[3] ^= *RK++;
while (NR) {
while( NR ) {
--NR;
camellia_feistel(X, RK, X + 2);
camellia_feistel( X, RK, X + 2 );
RK += 2;
camellia_feistel(X + 2, RK, X);
camellia_feistel( X + 2, RK, X );
RK += 2;
camellia_feistel(X, RK, X + 2);
camellia_feistel( X, RK, X + 2 );
RK += 2;
camellia_feistel(X + 2, RK, X);
camellia_feistel( X + 2, RK, X );
RK += 2;
camellia_feistel(X, RK, X + 2);
camellia_feistel( X, RK, X + 2 );
RK += 2;
camellia_feistel(X + 2, RK, X);
camellia_feistel( X + 2, RK, X );
RK += 2;
if (NR) {
if( NR ) {
FL(X[0], X[1], RK[0], RK[1]);
RK += 2;
FLInv(X[2], X[3], RK[0], RK[1]);
@ -603,7 +630,7 @@ int camellia_crypt_cfb128( camellia_context *ctx,
*output++ = (unsigned char)( c ^ iv[n] );
iv[n] = (unsigned char) c;
n = (n + 1) & 0x0F;
n = ( n + 1 ) & 0x0F;
}
}
else
@ -615,7 +642,7 @@ int camellia_crypt_cfb128( camellia_context *ctx,
iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
n = (n + 1) & 0x0F;
n = ( n + 1 ) & 0x0F;
}
}
@ -643,7 +670,8 @@ int camellia_crypt_ctr( camellia_context *ctx,
while( length-- )
{
if( n == 0 ) {
camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, nonce_counter, stream_block );
camellia_crypt_ecb( ctx, CAMELLIA_ENCRYPT, nonce_counter,
stream_block );
for( i = 16; i > 0; i-- )
if( ++nonce_counter[i - 1] != 0 )
@ -652,7 +680,7 @@ int camellia_crypt_ctr( camellia_context *ctx,
c = *input++;
*output++ = (unsigned char)( c ^ stream_block[n] );
n = (n + 1) & 0x0F;
n = ( n + 1 ) & 0x0F;
}
*nc_off = n;
@ -884,44 +912,44 @@ int camellia_self_test( int verbose )
memset( key, 0, 32 );
for (j = 0; j < 6; j++) {
for( j = 0; j < 6; j++ ) {
u = j >> 1;
v = j & 1;
if( verbose != 0 )
printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
polarssl_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
(v == CAMELLIA_DECRYPT) ? "dec" : "enc");
for (i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u);
for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
if (v == CAMELLIA_DECRYPT) {
camellia_setkey_dec(&ctx, key, 128 + u * 64);
memcpy(src, camellia_test_ecb_cipher[u][i], 16);
memcpy(dst, camellia_test_ecb_plain[i], 16);
if( v == CAMELLIA_DECRYPT ) {
camellia_setkey_dec( &ctx, key, 128 + u * 64 );
memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
memcpy( dst, camellia_test_ecb_plain[i], 16 );
} else { /* CAMELLIA_ENCRYPT */
camellia_setkey_enc(&ctx, key, 128 + u * 64);
memcpy(src, camellia_test_ecb_plain[i], 16);
memcpy(dst, camellia_test_ecb_cipher[u][i], 16);
camellia_setkey_enc( &ctx, key, 128 + u * 64 );
memcpy( src, camellia_test_ecb_plain[i], 16 );
memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
}
camellia_crypt_ecb(&ctx, v, src, buf);
camellia_crypt_ecb( &ctx, v, src, buf );
if( memcmp( buf, dst, 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
}
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
#if defined(POLARSSL_CIPHER_MODE_CBC)
/*
@ -933,49 +961,49 @@ int camellia_self_test( int verbose )
v = j & 1;
if( verbose != 0 )
printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
polarssl_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
memcpy( src, camellia_test_cbc_iv, 16);
memcpy( dst, camellia_test_cbc_iv, 16);
memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u);
memcpy( src, camellia_test_cbc_iv, 16 );
memcpy( dst, camellia_test_cbc_iv, 16 );
memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
if (v == CAMELLIA_DECRYPT) {
camellia_setkey_dec(&ctx, key, 128 + u * 64);
if( v == CAMELLIA_DECRYPT ) {
camellia_setkey_dec( &ctx, key, 128 + u * 64 );
} else {
camellia_setkey_enc(&ctx, key, 128 + u * 64);
camellia_setkey_enc( &ctx, key, 128 + u * 64 );
}
for (i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
if (v == CAMELLIA_DECRYPT) {
if( v == CAMELLIA_DECRYPT ) {
memcpy( iv , src, 16 );
memcpy(src, camellia_test_cbc_cipher[u][i], 16);
memcpy(dst, camellia_test_cbc_plain[i], 16);
memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
memcpy( dst, camellia_test_cbc_plain[i], 16 );
} else { /* CAMELLIA_ENCRYPT */
memcpy( iv , dst, 16 );
memcpy(src, camellia_test_cbc_plain[i], 16);
memcpy(dst, camellia_test_cbc_cipher[u][i], 16);
memcpy( src, camellia_test_cbc_plain[i], 16 );
memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
}
camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
if( memcmp( buf, dst, 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
}
#endif /* POLARSSL_CIPHER_MODE_CBC */
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
#if defined(POLARSSL_CIPHER_MODE_CTR)
/*
@ -987,7 +1015,7 @@ int camellia_self_test( int verbose )
v = i & 1;
if( verbose != 0 )
printf( " CAMELLIA-CTR-128 (%s): ",
polarssl_printf( " CAMELLIA-CTR-128 (%s): ",
( v == CAMELLIA_DECRYPT ) ? "dec" : "enc" );
memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
@ -1001,12 +1029,13 @@ int camellia_self_test( int verbose )
len = camellia_test_ctr_len[u];
memcpy( buf, camellia_test_ctr_ct[u], len );
camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, buf, buf );
camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
buf, buf );
if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
@ -1016,28 +1045,29 @@ int camellia_self_test( int verbose )
len = camellia_test_ctr_len[u];
memcpy( buf, camellia_test_ctr_pt[u], len );
camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, buf, buf );
camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
buf, buf );
if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
}
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
#endif /* POLARSSL_CIPHER_MODE_CTR */
return ( 0 );
return( 0 );
}
#endif
#endif /* POLARSSL_SELF_TEST */
#endif
#endif /* POLARSSL_CAMELLIA_C */
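Review bot: camellia_setkey_enc copies the key into the stack arrays `t` (`t[i] = key[i]`) and `KC` (the KL/KR/KA/KB generation that follows), but nothing visible in these hunks clears them before the function returns; the commit adds polarssl_zeroize to this file and applies it in camellia_free and to camellia_setkey_dec's temporary `cty`, which leaves these key-schedule temporaries as the remaining copies of key material on the stack. The end of camellia_setkey_enc is outside the hunks shown, so if a wipe already sits on its return path this can be ignored; otherwise add `polarssl_zeroize( t, sizeof( t ) ); polarssl_zeroize( KC, sizeof( KC ) );` before the return. Separately, camellia_setkey_dec's `if( ( ret = camellia_setkey_enc( &cty, key, keysize ) ) )` tests truthiness while the rest of the file compares against zero; `if( ( ret = camellia_setkey_enc( &cty, key, keysize ) ) != 0 )` matches the file's style.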

456
Externals/polarssl/library/ccm.c vendored Normal file

@ -0,0 +1,456 @@
/*
* NIST SP800-38C compliant CCM implementation
*
* Copyright (C) 2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/*
* Definition of CCM:
* http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
* RFC 3610 "Counter with CBC-MAC (CCM)"
*
* Related:
* RFC 5116 "An Interface and Algorithms for Authenticated Encryption"
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_CCM_C)
#include "polarssl/ccm.h"
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#define CCM_ENCRYPT 0
#define CCM_DECRYPT 1
/*
* Initialize context
*/
int ccm_init( ccm_context *ctx, cipher_id_t cipher,
const unsigned char *key, unsigned int keysize )
{
int ret;
const cipher_info_t *cipher_info;
memset( ctx, 0, sizeof( ccm_context ) );
cipher_init( &ctx->cipher_ctx );
cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB );
if( cipher_info == NULL )
return( POLARSSL_ERR_CCM_BAD_INPUT );
if( cipher_info->block_size != 16 )
return( POLARSSL_ERR_CCM_BAD_INPUT );
if( ( ret = cipher_init_ctx( &ctx->cipher_ctx, cipher_info ) ) != 0 )
return( ret );
if( ( ret = cipher_setkey( &ctx->cipher_ctx, key, keysize,
POLARSSL_ENCRYPT ) ) != 0 )
{
return( ret );
}
return( 0 );
}
/*
* Free context
*/
void ccm_free( ccm_context *ctx )
{
cipher_free( &ctx->cipher_ctx );
polarssl_zeroize( ctx, sizeof( ccm_context ) );
}
/*
* Macros for common operations.
* Results in smaller compiled code than static inline functions.
*/
/*
* Update the CBC-MAC state in y using a block in b
* (Always using b as the source helps the compiler optimise a bit better.)
*/
#define UPDATE_CBC_MAC \
for( i = 0; i < 16; i++ ) \
y[i] ^= b[i]; \
\
if( ( ret = cipher_update( &ctx->cipher_ctx, y, 16, y, &olen ) ) != 0 ) \
return( ret );
/*
* Encrypt or decrypt a partial block with CTR
* Warning: using b for temporary storage! src and dst must not be b!
* This avoids allocating one more 16 bytes buffer while allowing src == dst.
*/
#define CTR_CRYPT( dst, src, len ) \
if( ( ret = cipher_update( &ctx->cipher_ctx, ctr, 16, b, &olen ) ) != 0 ) \
return( ret ); \
\
for( i = 0; i < len; i++ ) \
dst[i] = src[i] ^ b[i];
/*
* Authenticated encryption or decryption
*/
static int ccm_auth_crypt( ccm_context *ctx, int mode, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len )
{
int ret;
unsigned char i;
unsigned char q = 16 - 1 - iv_len;
size_t len_left, olen;
unsigned char b[16];
unsigned char y[16];
unsigned char ctr[16];
const unsigned char *src;
unsigned char *dst;
/*
* Check length requirements: SP800-38C A.1
* Additional requirement: a < 2^16 - 2^8 to simplify the code.
* 'length' checked later (when writing it to the first block)
*/
if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 )
return( POLARSSL_ERR_CCM_BAD_INPUT );
/* Also implies q is within bounds */
if( iv_len < 7 || iv_len > 13 )
return( POLARSSL_ERR_CCM_BAD_INPUT );
if( add_len > 0xFF00 )
return( POLARSSL_ERR_CCM_BAD_INPUT );
/*
* First block B_0:
* 0 .. 0 flags
* 1 .. iv_len nonce (aka iv)
* iv_len+1 .. 15 length
*
* With flags as (bits):
* 7 0
* 6 add present?
* 5 .. 3 (t - 2) / 2
* 2 .. 0 q - 1
*/
b[0] = 0;
b[0] |= ( add_len > 0 ) << 6;
b[0] |= ( ( tag_len - 2 ) / 2 ) << 3;
b[0] |= q - 1;
memcpy( b + 1, iv, iv_len );
for( i = 0, len_left = length; i < q; i++, len_left >>= 8 )
b[15-i] = (unsigned char)( len_left & 0xFF );
if( len_left > 0 )
return( POLARSSL_ERR_CCM_BAD_INPUT );
/* Start CBC-MAC with first block */
memset( y, 0, 16 );
UPDATE_CBC_MAC;
/*
* If there is additional data, update CBC-MAC with
* add_len, add, 0 (padding to a block boundary)
*/
if( add_len > 0 )
{
size_t use_len;
len_left = add_len;
src = add;
memset( b, 0, 16 );
b[0] = (unsigned char)( ( add_len >> 8 ) & 0xFF );
b[1] = (unsigned char)( ( add_len ) & 0xFF );
use_len = len_left < 16 - 2 ? len_left : 16 - 2;
memcpy( b + 2, src, use_len );
len_left -= use_len;
src += use_len;
UPDATE_CBC_MAC;
while( len_left > 0 )
{
use_len = len_left > 16 ? 16 : len_left;
memset( b, 0, 16 );
memcpy( b, src, use_len );
UPDATE_CBC_MAC;
len_left -= use_len;
src += use_len;
}
}
/*
* Prepare counter block for encryption:
* 0 .. 0 flags
* 1 .. iv_len nonce (aka iv)
* iv_len+1 .. 15 counter (initially 1)
*
* With flags as (bits):
* 7 .. 3 0
* 2 .. 0 q - 1
*/
ctr[0] = q - 1;
memcpy( ctr + 1, iv, iv_len );
memset( ctr + 1 + iv_len, 0, q );
ctr[15] = 1;
/*
* Authenticate and {en,de}crypt the message.
*
* The only difference between encryption and decryption is
* the respective order of authentication and {en,de}cryption.
*/
len_left = length;
src = input;
dst = output;
while( len_left > 0 )
{
unsigned char use_len = len_left > 16 ? 16 : len_left;
if( mode == CCM_ENCRYPT )
{
memset( b, 0, 16 );
memcpy( b, src, use_len );
UPDATE_CBC_MAC;
}
CTR_CRYPT( dst, src, use_len );
if( mode == CCM_DECRYPT )
{
memset( b, 0, 16 );
memcpy( b, dst, use_len );
UPDATE_CBC_MAC;
}
dst += use_len;
src += use_len;
len_left -= use_len;
/*
* Increment counter.
* No need to check for overflow thanks to the length check above.
*/
for( i = 0; i < q; i++ )
if( ++ctr[15-i] != 0 )
break;
}
/*
* Authentication: reset counter and crypt/mask internal tag
*/
for( i = 0; i < q; i++ )
ctr[15-i] = 0;
CTR_CRYPT( y, y, 16 );
memcpy( tag, y, tag_len );
return( 0 );
}
/*
* Authenticated encryption
*/
int ccm_encrypt_and_tag( ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len )
{
return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
add, add_len, input, output, tag, tag_len ) );
}
/*
* Authenticated decryption
*/
int ccm_auth_decrypt( ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
const unsigned char *add, size_t add_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len )
{
int ret;
unsigned char check_tag[16];
unsigned char i;
int diff;
if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
iv, iv_len, add, add_len,
input, output, check_tag, tag_len ) ) != 0 )
{
return( ret );
}
/* Check tag in "constant-time" */
for( diff = 0, i = 0; i < tag_len; i++ )
diff |= tag[i] ^ check_tag[i];
if( diff != 0 )
{
polarssl_zeroize( output, length );
return( POLARSSL_ERR_CCM_AUTH_FAILED );
}
return( 0 );
}
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#include <stdio.h>
#define polarssl_printf printf
#endif
/*
* Examples 1 to 3 from SP800-38C Appendix C
*/
#define NB_TESTS 3
/*
* The data is the same for all tests, only the used length changes
*/
static const unsigned char key[] = {
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
};
static const unsigned char iv[] = {
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b
};
static const unsigned char ad[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13
};
static const unsigned char msg[] = {
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
};
static const size_t iv_len [NB_TESTS] = { 7, 8, 12 };
static const size_t add_len[NB_TESTS] = { 8, 16, 20 };
static const size_t msg_len[NB_TESTS] = { 4, 16, 24 };
static const size_t tag_len[NB_TESTS] = { 4, 6, 8 };
static const unsigned char res[NB_TESTS][32] = {
{ 0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d },
{ 0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62,
0x08, 0x1a, 0x77, 0x92, 0x07, 0x3d, 0x59, 0x3d,
0x1f, 0xc6, 0x4f, 0xbf, 0xac, 0xcd },
{ 0xe3, 0xb2, 0x01, 0xa9, 0xf5, 0xb7, 0x1a, 0x7a,
0x9b, 0x1c, 0xea, 0xec, 0xcd, 0x97, 0xe7, 0x0b,
0x61, 0x76, 0xaa, 0xd9, 0xa4, 0x42, 0x8a, 0xa5,
0x48, 0x43, 0x92, 0xfb, 0xc1, 0xb0, 0x99, 0x51 }
};
int ccm_self_test( int verbose )
{
ccm_context ctx;
unsigned char out[32];
size_t i;
int ret;
if( ccm_init( &ctx, POLARSSL_CIPHER_ID_AES, key, 8 * sizeof key ) != 0 )
{
if( verbose != 0 )
polarssl_printf( " CCM: setup failed" );
return( 1 );
}
for( i = 0; i < NB_TESTS; i++ )
{
if( verbose != 0 )
polarssl_printf( " CCM-AES #%u: ", (unsigned int) i + 1 );
ret = ccm_encrypt_and_tag( &ctx, msg_len[i],
iv, iv_len[i], ad, add_len[i],
msg, out,
out + msg_len[i], tag_len[i] );
if( ret != 0 ||
memcmp( out, res[i], msg_len[i] + tag_len[i] ) != 0 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
ret = ccm_auth_decrypt( &ctx, msg_len[i],
iv, iv_len[i], ad, add_len[i],
res[i], out,
res[i] + msg_len[i], tag_len[i] );
if( ret != 0 ||
memcmp( out, msg, msg_len[i] ) != 0 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
polarssl_printf( "passed\n" );
}
ccm_free( &ctx );
if( verbose != 0 )
polarssl_printf( "\n" );
return( 0 );
}
#endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */
#endif /* POLARSSL_CCM_C */


@ -1,7 +1,7 @@
/*
* X.509 test certificates
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -23,7 +23,11 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_CERTS_C)
@ -169,55 +173,56 @@ const char test_ca_pwd_rsa[] = "PolarSSLTest";
const char test_srv_crt_rsa[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
"MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n"
"A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN\r\n"
"BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/\r\n"
"uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD\r\n"
"d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf\r\n"
"CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr\r\n"
"lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w\r\n"
"bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB\r\n"
"o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf\r\n"
"BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC\r\n"
"AQEAvc+WwZUemsJu2IiI2Cp6liA+UAvIx98dQe3kZs2zAoF9VwQbXcYzWQ/BILkj\r\n"
"NImKbPL9x0g2jIDn4ZvGYFywMwIO/d++YbwYiQw42/v7RiMy94zBPnzeHi86dy/0\r\n"
"jpOOJUx3IXRsGLdyjb/1T11klcFqGnARiK+8VYolMPP6afKvLXX7K4kiUpsFQhUp\r\n"
"E5VeM5pV1Mci2ETOJau2cO40FJvI/C9W/wR+GAArMaw2fxG77E3laaa0LAOlexM6\r\n"
"A4KOb5f5cGTM5Ih6tEF5FVq3/9vzNIYMa1FqzacBLZF8zSHYLEimXBdzjBoN4qDU\r\n"
"/WzRyYRBRjAI49mzHX6raleqnw==\r\n"
"MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n"
"A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n"
"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n"
"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n"
"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n"
"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n"
"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n"
"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n"
"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n"
"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJxnXClY\r\n"
"oHkbp70cqBrsGXLybA74czbO5RdLEgFs7rHVS9r+c293luS/KdliLScZqAzYVylw\r\n"
"UfRWvKMoWhHYKp3dEIS4xTXk6/5zXxhv9Rw8SGc8qn6vITHk1S1mPevtekgasY5Y\r\n"
"iWQuM3h4YVlRH3HHEMAD1TnAexfXHHDFQGe+Bd1iAbz1/sH9H8l4StwX6egvTK3M\r\n"
"wXRwkKkvjKaEDA9ATbZx0mI8LGsxSuCqe9r9dyjmttd47J1p1Rulz3CLzaRcVIuS\r\n"
"RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8\r\n"
"zhuYwjVuX6JHG0c=\r\n"
"-----END CERTIFICATE-----\r\n";
const char test_srv_key_rsa[] =
"-----BEGIN RSA PRIVATE KEY-----\r\n"
"MIIEogIBAAKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/uOhFkNvuiBZS0/FDUEeW\r\n"
"Ellkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFDd185fAkER4KwVzlw7aPs\r\n"
"FRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVfCrFTxjB+FTms+Vruf5Ke\r\n"
"pgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTrlZvc/kFeF6babFtpzAK6\r\n"
"FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9wbp7OvViJ4lNZnm5akmXi\r\n"
"iD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQABAoIBABaJ9eiRQq4Ypv+w\r\n"
"UTcVpLC0oTueWzcpor1i1zjG4Vzqe/Ok2FqyGToGKMlFK7Hwwa+LEyeJ3xyV5yd4\r\n"
"v1Mw9bDZFdJC1eCBjoUAHtX6k9HOE0Vd6woVQ4Vi6OPI1g7B5Mnr/58rNrnN6TMs\r\n"
"x58NF6euecwTU811QJrZtLbX7j2Cr28yB2Vs8qyYlHwVw5jbDOv43D7vU5gmlIDN\r\n"
"0JQRuWAnOuPzZNoJr4SfJKqHNGxYYY6pHZ1s0dOTLIDb/B8KQWapA2kRmZyid2EH\r\n"
"nwzgLbAsHJCf+bQnhXjXuxtUsrcIL8noZLazlOMxwNEammglVWW23Ud/QRnFgJg5\r\n"
"UgcAcRECgYEA19uYetht5qmwdJ+12oC6zeO+vXLcyD9gon23T5J6w2YThld7/OW0\r\n"
"oArQJGgkAdaq0pcTyOIjtTQVMFygdVmCEJmxh/3RutPcTeydqW9fphKDMej32J8e\r\n"
"GniGmNGiclbcfNOS8E5TGp445yZb9P1+7AHng16bGg3Ykj5EA4G+HCcCgYEAyHAl\r\n"
"//ekk8YjQElm+8izLtFkymIK0aCtEe9C/RIRhFYBeFaotC5dStNhBOncn4ovMAPD\r\n"
"lX/92yDi9OP8PPLN3a4B9XpW3k/SS5GrbT5cwOivBHNllZSmu/2qz5WPGcjVCOrB\r\n"
"LYl3YWr2h3EGKICT03kEoTkiDBvCeOpW7cCGl2cCgYBD5whoXHz1+ptPlI4YVjZt\r\n"
"Xh86aU+ajpVPiEyJ84I6xXmO4SZXv8q6LaycR0ZMbcL+zBelMb4Z2nBv7jNrtuR7\r\n"
"ZF28cdPv+YVr3esaybZE/73VjXup4SQPH6r3l7qKTVi+y6+FeJ4b2Xn8/MwgnT23\r\n"
"8EFrye7wmzpthrjOgZnUMQKBgE9Lhsz/5J0Nis6Y+2Pqn3CLKEukg9Ewtqdct2y0\r\n"
"5Dcta0F3TyCRIxlCDKTL/BslqMtfAdY4H268UO0+8IAQMn9boqzBrHIgs/pvc5kx\r\n"
"TbKHmw2wtWR6vYersBKVgVpbCGSRssDYHGFu1n74qM4HJ/RGcR1zI9QUe1gopSFD\r\n"
"xDtLAoGAVAdWvrqDwgoL2hHW3scGpxdE/ygJDOwHnf+1B9goKAOP5lf2FJaiAxf3\r\n"
"ectoPOgZbCmm/iiDmigu703ld3O+VoCLDD4qx3R+KyALL78gtVJYzSRiKhzgCZ3g\r\n"
"mKsIVRBq4IfwiwyMNG2BYZQAwbSDjjPtn/kPBduPzPj7eriByhI=\r\n"
"MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n"
"lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n"
"2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n"
"Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n"
"GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n"
"y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n"
"++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n"
"Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n"
"/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n"
"WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n"
"GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n"
"TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n"
"CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n"
"nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n"
"AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n"
"sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n"
"mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n"
"BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n"
"whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n"
"vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n"
"3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n"
"3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n"
"ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n"
"4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n"
"TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n"
"-----END RSA PRIVATE KEY-----\r\n";
const char test_cli_crt_rsa[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
@ -300,6 +305,6 @@ const char *test_srv_crt = test_srv_crt_ec;
const char *test_srv_key = test_srv_key_ec;
const char *test_cli_crt = test_cli_crt_ec;
const char *test_cli_key = test_cli_key_ec;
#endif
#endif /* POLARSSL_RSA_C */
#endif /* POLARSSL_CERTS_C */


@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_CIPHER_C)
@ -38,6 +42,10 @@
#include "polarssl/gcm.h"
#endif
#if defined(POLARSSL_CCM_C)
#include "polarssl/ccm.h"
#endif
#include <stdlib.h>
#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER)
@ -49,6 +57,11 @@
#define strcasecmp _stricmp
#endif
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
static int supported_init = 0;
const int *cipher_list( void )
@ -69,7 +82,7 @@ const int *cipher_list( void )
supported_init = 1;
}
return supported_ciphers;
return( supported_ciphers );
}
const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
@ -80,7 +93,7 @@ const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type )
if( def->type == cipher_type )
return( def->info );
return NULL;
return( NULL );
}
const cipher_info_t *cipher_info_from_string( const char *cipher_name )
@ -88,13 +101,13 @@ const cipher_info_t *cipher_info_from_string( const char *cipher_name )
const cipher_definition_t *def;
if( NULL == cipher_name )
return NULL;
return( NULL );
for( def = cipher_definitions; def->info != NULL; def++ )
if( ! strcasecmp( def->info->name, cipher_name ) )
return( def->info );
return NULL;
return( NULL );
}
const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
@ -109,18 +122,34 @@ const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
def->info->mode == mode )
return( def->info );
return NULL;
return( NULL );
}
void cipher_init( cipher_context_t *ctx )
{
memset( ctx, 0, sizeof( cipher_context_t ) );
}
void cipher_free( cipher_context_t *ctx )
{
if( ctx == NULL )
return;
if( ctx->cipher_ctx )
ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
polarssl_zeroize( ctx, sizeof(cipher_context_t) );
}
int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
{
if( NULL == cipher_info || NULL == ctx )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
memset( ctx, 0, sizeof( cipher_context_t ) );
if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
return POLARSSL_ERR_CIPHER_ALLOC_FAILED;
return( POLARSSL_ERR_CIPHER_ALLOC_FAILED );
ctx->cipher_info = cipher_info;
@ -135,27 +164,28 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
#endif
#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
return 0;
return( 0 );
}
/* Deprecated, redirects to cipher_free() */
int cipher_free_ctx( cipher_context_t *ctx )
{
if( ctx == NULL || ctx->cipher_info == NULL )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
cipher_free( ctx );
ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
return 0;
return( 0 );
}
int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
int key_length, const operation_t operation )
{
if( NULL == ctx || NULL == ctx->cipher_info )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
if( (int) ctx->cipher_info->key_length != key_length )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
if( ( ctx->cipher_info->flags & POLARSSL_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
(int) ctx->cipher_info->key_length != key_length )
{
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
}
ctx->key_length = key_length;
ctx->operation = operation;
@ -175,7 +205,7 @@ int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
return ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
ctx->key_length );
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
}
int cipher_set_iv( cipher_context_t *ctx,
@ -184,13 +214,13 @@ int cipher_set_iv( cipher_context_t *ctx,
size_t actual_iv_size;
if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
/* avoid buffer overflow in ctx->iv */
if( iv_len > POLARSSL_MAX_IV_LENGTH )
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
if( ctx->cipher_info->accepts_variable_iv_size )
if( ( ctx->cipher_info->flags & POLARSSL_CIPHER_VARIABLE_IV_LEN ) != 0 )
actual_iv_size = iv_len;
else
{
@ -198,52 +228,50 @@ int cipher_set_iv( cipher_context_t *ctx,
/* avoid reading past the end of input buffer */
if( actual_iv_size > iv_len )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
}
memcpy( ctx->iv, iv, actual_iv_size );
ctx->iv_size = actual_iv_size;
return 0;
return( 0 );
}
int cipher_reset( cipher_context_t *ctx )
{
if( NULL == ctx || NULL == ctx->cipher_info )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
ctx->unprocessed_len = 0;
return 0;
return( 0 );
}
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
int cipher_update_ad( cipher_context_t *ctx,
const unsigned char *ad, size_t ad_len )
{
if( NULL == ctx || NULL == ctx->cipher_info )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(POLARSSL_GCM_C)
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
{
return gcm_starts( (gcm_context *) ctx->cipher_ctx, ctx->operation,
ctx->iv, ctx->iv_size, ad, ad_len );
}
#endif
return 0;
return( 0 );
}
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#endif /* POLARSSL_GCM_C */
int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen )
int cipher_update( cipher_context_t *ctx, const unsigned char *input,
size_t ilen, unsigned char *output, size_t *olen )
{
int ret;
if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
{
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
}
*olen = 0;
@ -251,17 +279,17 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
if( ctx->cipher_info->mode == POLARSSL_MODE_ECB )
{
if( ilen != cipher_get_block_size( ctx ) )
return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
*olen = ilen;
if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
ctx->operation, input, output ) ) )
{
return ret;
return( ret );
}
return 0;
return( 0 );
}
#if defined(POLARSSL_GCM_C)
@ -276,7 +304,7 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
if( input == output &&
( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
{
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
}
#if defined(POLARSSL_CIPHER_MODE_CBC)
@ -296,7 +324,7 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
ilen );
ctx->unprocessed_len += ilen;
return 0;
return( 0 );
}
/*
@ -313,7 +341,7 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
ctx->unprocessed_data, output ) ) )
{
return ret;
return( ret );
}
*olen += cipher_get_block_size( ctx );
@ -331,7 +359,7 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
{
copy_len = ilen % cipher_get_block_size( ctx );
if( copy_len == 0 && ctx->operation == POLARSSL_DECRYPT )
copy_len = cipher_get_block_size(ctx);
copy_len = cipher_get_block_size( ctx );
memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
copy_len );
@ -348,13 +376,13 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
ctx->operation, ilen, ctx->iv, input, output ) ) )
{
return ret;
return( ret );
}
*olen += ilen;
}
return 0;
return( 0 );
}
#endif /* POLARSSL_CIPHER_MODE_CBC */
@ -365,14 +393,14 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
input, output ) ) )
{
return ret;
return( ret );
}
*olen = ilen;
return 0;
return( 0 );
}
#endif
#endif /* POLARSSL_CIPHER_MODE_CFB */
#if defined(POLARSSL_CIPHER_MODE_CTR)
if( ctx->cipher_info->mode == POLARSSL_MODE_CTR )
@ -381,14 +409,14 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
ilen, &ctx->unprocessed_len, ctx->iv,
ctx->unprocessed_data, input, output ) ) )
{
return ret;
return( ret );
}
*olen = ilen;
return 0;
return( 0 );
}
#endif
#endif /* POLARSSL_CIPHER_MODE_CTR */
#if defined(POLARSSL_CIPHER_MODE_STREAM)
if( ctx->cipher_info->mode == POLARSSL_MODE_STREAM )
@ -396,16 +424,16 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
ilen, input, output ) ) )
{
return ret;
return( ret );
}
*olen = ilen;
return 0;
return( 0 );
}
#endif
#endif /* POLARSSL_CIPHER_MODE_STREAM */
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
@ -430,7 +458,7 @@ static int get_pkcs_padding( unsigned char *input, size_t input_len,
unsigned char padding_len, bad = 0;
if( NULL == input || NULL == data_len )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
padding_len = input[input_len - 1];
*data_len = input_len - padding_len;
@ -445,7 +473,7 @@ static int get_pkcs_padding( unsigned char *input, size_t input_len,
for( i = 0; i < input_len; i++ )
bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
return POLARSSL_ERR_CIPHER_INVALID_PADDING * (bad != 0);
return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
}
#endif /* POLARSSL_CIPHER_PADDING_PKCS7 */
@ -471,7 +499,7 @@ static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
unsigned char done = 0, prev_done, bad;
if( NULL == input || NULL == data_len )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
bad = 0xFF;
*data_len = 0;
@ -483,7 +511,7 @@ static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
}
return POLARSSL_ERR_CIPHER_INVALID_PADDING * (bad != 0);
return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
}
#endif /* POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS */
@ -510,7 +538,7 @@ static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
unsigned char padding_len, bad = 0;
if( NULL == input || NULL == data_len )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
padding_len = input[input_len - 1];
*data_len = input_len - padding_len;
@ -524,7 +552,7 @@ static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
for( i = 0; i < input_len - 1; i++ )
bad |= input[i] * ( i >= pad_idx );
return POLARSSL_ERR_CIPHER_INVALID_PADDING * (bad != 0);
return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
}
#endif /* POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN */
@ -548,7 +576,7 @@ static int get_zeros_padding( unsigned char *input, size_t input_len,
unsigned char done = 0, prev_done;
if( NULL == input || NULL == data_len )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
*data_len = 0;
for( i = input_len; i > 0; i-- )
@ -558,7 +586,7 @@ static int get_zeros_padding( unsigned char *input, size_t input_len,
*data_len |= i * ( done != prev_done );
}
return 0;
return( 0 );
}
#endif /* POLARSSL_CIPHER_PADDING_ZEROS */
@ -572,11 +600,11 @@ static int get_no_padding( unsigned char *input, size_t input_len,
size_t *data_len )
{
if( NULL == input || NULL == data_len )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
*data_len = input_len;
return 0;
return( 0 );
}
#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
@ -584,7 +612,7 @@ int cipher_finish( cipher_context_t *ctx,
unsigned char *output, size_t *olen )
{
if( NULL == ctx || NULL == ctx->cipher_info || NULL == olen )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
*olen = 0;
@ -593,15 +621,15 @@ int cipher_finish( cipher_context_t *ctx,
POLARSSL_MODE_GCM == ctx->cipher_info->mode ||
POLARSSL_MODE_STREAM == ctx->cipher_info->mode )
{
return 0;
return( 0 );
}
if( POLARSSL_MODE_ECB == ctx->cipher_info->mode )
{
if( ctx->unprocessed_len != 0 )
return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
return 0;
return( 0 );
}
#if defined(POLARSSL_CIPHER_MODE_CBC)
@ -615,24 +643,24 @@ int cipher_finish( cipher_context_t *ctx,
if( NULL == ctx->add_padding )
{
if( 0 != ctx->unprocessed_len )
return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
return 0;
return( 0 );
}
ctx->add_padding( ctx->unprocessed_data, cipher_get_iv_size( ctx ),
ctx->unprocessed_len );
}
else if ( cipher_get_block_size( ctx ) != ctx->unprocessed_len )
else if( cipher_get_block_size( ctx ) != ctx->unprocessed_len )
{
/*
* For decrypt operations, expect a full block,
* or an empty block if no padding
*/
if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
return 0;
return( 0 );
return POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED;
return( POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED );
}
/* cipher block */
@ -640,7 +668,7 @@ int cipher_finish( cipher_context_t *ctx,
ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
ctx->unprocessed_data, output ) ) )
{
return ret;
return( ret );
}
/* Set output size for decryption */
@ -650,13 +678,13 @@ int cipher_finish( cipher_context_t *ctx,
/* Set output size for encryption */
*olen = cipher_get_block_size( ctx );
return 0;
return( 0 );
}
#else
((void) output);
#endif /* POLARSSL_CIPHER_MODE_CBC */
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
@ -665,7 +693,7 @@ int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
if( NULL == ctx ||
POLARSSL_MODE_CBC != ctx->cipher_info->mode )
{
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
}
switch( mode )
@ -700,29 +728,27 @@ int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
break;
default:
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
return 0;
return( 0 );
}
#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
#if defined(POLARSSL_CIPHER_MODE_AEAD)
#if defined(POLARSSL_GCM_C)
int cipher_write_tag( cipher_context_t *ctx,
unsigned char *tag, size_t tag_len )
{
if( NULL == ctx || NULL == ctx->cipher_info || NULL == tag )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
if( POLARSSL_ENCRYPT != ctx->operation )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
#if defined(POLARSSL_GCM_C)
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
return gcm_finish( (gcm_context *) ctx->cipher_ctx, tag, tag_len );
#endif
return 0;
return( 0 );
}
int cipher_check_tag( cipher_context_t *ctx,
@ -733,10 +759,9 @@ int cipher_check_tag( cipher_context_t *ctx,
if( NULL == ctx || NULL == ctx->cipher_info ||
POLARSSL_DECRYPT != ctx->operation )
{
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
}
#if defined(POLARSSL_GCM_C)
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
{
unsigned char check_tag[16];
@ -744,7 +769,7 @@ int cipher_check_tag( cipher_context_t *ctx,
int diff;
if( tag_len > sizeof( check_tag ) )
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
if( 0 != ( ret = gcm_finish( (gcm_context *) ctx->cipher_ctx,
check_tag, tag_len ) ) )
@ -761,24 +786,125 @@ int cipher_check_tag( cipher_context_t *ctx,
return( 0 );
}
#endif
return( 0 );
}
#endif /* POLARSSL_GCM_C */
/*
* Packet-oriented wrapper for non-AEAD modes
*/
int cipher_crypt( cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen )
{
int ret;
size_t finish_olen;
if( ( ret = cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
return( ret );
if( ( ret = cipher_reset( ctx ) ) != 0 )
return( ret );
if( ( ret = cipher_update( ctx, input, ilen, output, olen ) ) != 0 )
return( ret );
if( ( ret = cipher_finish( ctx, output + *olen, &finish_olen ) ) != 0 )
return( ret );
*olen += finish_olen;
return( 0 );
}
#if defined(POLARSSL_CIPHER_MODE_AEAD)
/*
* Packet-oriented encryption for AEAD modes
*/
int cipher_auth_encrypt( cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
unsigned char *tag, size_t tag_len )
{
#if defined(POLARSSL_GCM_C)
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
{
*olen = ilen;
return( gcm_crypt_and_tag( ctx->cipher_ctx, GCM_ENCRYPT, ilen,
iv, iv_len, ad, ad_len, input, output,
tag_len, tag ) );
}
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_CCM_C)
if( POLARSSL_MODE_CCM == ctx->cipher_info->mode )
{
*olen = ilen;
return( ccm_encrypt_and_tag( ctx->cipher_ctx, ilen,
iv, iv_len, ad, ad_len, input, output,
tag, tag_len ) );
}
#endif /* POLARSSL_CCM_C */
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
/*
* Packet-oriented decryption for AEAD modes
*/
int cipher_auth_decrypt( cipher_context_t *ctx,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
const unsigned char *tag, size_t tag_len )
{
#if defined(POLARSSL_GCM_C)
if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
{
int ret;
*olen = ilen;
ret = gcm_auth_decrypt( ctx->cipher_ctx, ilen,
iv, iv_len, ad, ad_len,
tag, tag_len, input, output );
if( ret == POLARSSL_ERR_GCM_AUTH_FAILED )
ret = POLARSSL_ERR_CIPHER_AUTH_FAILED;
return( ret );
}
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_CCM_C)
if( POLARSSL_MODE_CCM == ctx->cipher_info->mode )
{
int ret;
*olen = ilen;
ret = ccm_auth_decrypt( ctx->cipher_ctx, ilen,
iv, iv_len, ad, ad_len,
input, output, tag, tag_len );
if( ret == POLARSSL_ERR_CCM_AUTH_FAILED )
ret = POLARSSL_ERR_CIPHER_AUTH_FAILED;
return( ret );
}
#endif /* POLARSSL_CCM_C */
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
#endif /* POLARSSL_CIPHER_MODE_AEAD */
#if defined(POLARSSL_SELF_TEST)
#include <stdio.h>
#define ASSERT(x) if (!(x)) { \
printf( "failed with %i at %s\n", value, (#x) ); \
return( 1 ); \
}
/*
* Checkup routine
*/
int cipher_self_test( int verbose )
{
((void) verbose);
@ -786,6 +912,6 @@ int cipher_self_test( int verbose )
return( 0 );
}
#endif
#endif /* POLARSSL_SELF_TEST */
#endif
#endif /* POLARSSL_CIPHER_C */
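Review bot: The new cipher_auth_encrypt and cipher_auth_decrypt read `ctx->cipher_info->mode` without the `NULL == ctx || NULL == ctx->cipher_info` guard that every other entry point in this file performs (cipher_update_ad, cipher_write_tag, cipher_check_tag, cipher_crypt via cipher_set_iv), so an uninitialised context yields a NULL dereference rather than POLARSSL_ERR_CIPHER_BAD_INPUT_DATA. Add at the top of both functions `if( NULL == ctx || NULL == ctx->cipher_info ) return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );`. Separately, cipher_auth_decrypt sets `*olen = ilen` before the underlying call, so on POLARSSL_ERR_CIPHER_AUTH_FAILED the caller still sees a full-length output count; the CCM path does zeroize output on failure (ccm_auth_decrypt above), and the GCM path presumably does the same, but `if( ret != 0 ) *olen = 0;` before each return would keep a caller that mishandles the status from consuming unauthenticated bytes.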


@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_CIPHER_C)
@ -57,8 +61,12 @@
#include "polarssl/gcm.h"
#endif
#if defined(POLARSSL_MEMORY_C)
#include "polarssl/memory.h"
#if defined(POLARSSL_CCM_C)
#include "polarssl/ccm.h"
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_malloc malloc
#define polarssl_free free
@ -78,7 +86,21 @@ static void gcm_ctx_free( void *ctx )
gcm_free( ctx );
polarssl_free( ctx );
}
#endif
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_CCM_C)
/* shared by all CCM ciphers */
static void *ccm_ctx_alloc( void )
{
return polarssl_malloc( sizeof( ccm_context ) );
}
static void ccm_ctx_free( void *ctx )
{
ccm_free( ctx );
polarssl_free( ctx );
}
#endif /* POLARSSL_CCM_C */
#if defined(POLARSSL_AES_C)
@ -92,7 +114,8 @@ static int aes_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
unsigned char *iv, const unsigned char *input, unsigned char *output )
{
#if defined(POLARSSL_CIPHER_MODE_CBC)
return aes_crypt_cbc( (aes_context *) ctx, operation, length, iv, input, output );
return aes_crypt_cbc( (aes_context *) ctx, operation, length, iv, input,
output );
#else
((void) ctx);
((void) operation);
@ -101,15 +124,17 @@ static int aes_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
((void) input);
((void) output);
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
#endif /* POLARSSL_CIPHER_MODE_CBC */
}
static int aes_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length,
size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output )
static int aes_crypt_cfb128_wrap( void *ctx, operation_t operation,
size_t length, size_t *iv_off, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
#if defined(POLARSSL_CIPHER_MODE_CFB)
return aes_crypt_cfb128( (aes_context *) ctx, operation, length, iv_off, iv, input, output );
return aes_crypt_cfb128( (aes_context *) ctx, operation, length, iv_off, iv,
input, output );
#else
((void) ctx);
((void) operation);
@ -119,12 +144,12 @@ static int aes_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t lengt
((void) input);
((void) output);
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
#endif
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
#endif /* POLARSSL_CIPHER_MODE_CFB */
}
static int aes_crypt_ctr_wrap( void *ctx, size_t length,
size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block,
static int aes_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output )
{
#if defined(POLARSSL_CIPHER_MODE_CTR)
@ -139,27 +164,37 @@ static int aes_crypt_ctr_wrap( void *ctx, size_t length,
((void) input);
((void) output);
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
#endif
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
#endif /* POLARSSL_CIPHER_MODE_CTR */
}
static int aes_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
static int aes_setkey_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
return aes_setkey_dec( (aes_context *) ctx, key, key_length );
}
static int aes_setkey_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
static int aes_setkey_enc_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
return aes_setkey_enc( (aes_context *) ctx, key, key_length );
}
static void * aes_ctx_alloc( void )
{
return polarssl_malloc( sizeof( aes_context ) );
aes_context *aes = (aes_context *) polarssl_malloc( sizeof( aes_context ) );
if( aes == NULL )
return( NULL );
aes_init( aes );
return( aes );
}
static void aes_ctx_free( void *ctx )
{
aes_free( (aes_context *) ctx );
polarssl_free( ctx );
}
@ -315,7 +350,8 @@ const cipher_info_t aes_256_ctr_info = {
#endif /* POLARSSL_CIPHER_MODE_CTR */
#if defined(POLARSSL_GCM_C)
static int gcm_aes_setkey_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
static int gcm_aes_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
return gcm_init( (gcm_context *) ctx, POLARSSL_CIPHER_ID_AES,
key, key_length );
@ -340,7 +376,7 @@ const cipher_info_t aes_128_gcm_info = {
128,
"AES-128-GCM",
12,
1,
POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_aes_info
};
@ -351,7 +387,7 @@ const cipher_info_t aes_192_gcm_info = {
192,
"AES-192-GCM",
12,
1,
POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_aes_info
};
@ -362,27 +398,85 @@ const cipher_info_t aes_256_gcm_info = {
256,
"AES-256-GCM",
12,
1,
POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_aes_info
};
#endif /* POLARSSL_GCM_C */
#endif
#if defined(POLARSSL_CCM_C)
static int ccm_aes_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
return ccm_init( (ccm_context *) ctx, POLARSSL_CIPHER_ID_AES,
key, key_length );
}
const cipher_base_t ccm_aes_info = {
POLARSSL_CIPHER_ID_AES,
NULL,
NULL,
NULL,
NULL,
NULL,
ccm_aes_setkey_wrap,
ccm_aes_setkey_wrap,
ccm_ctx_alloc,
ccm_ctx_free,
};
const cipher_info_t aes_128_ccm_info = {
POLARSSL_CIPHER_AES_128_CCM,
POLARSSL_MODE_CCM,
128,
"AES-128-CCM",
12,
POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_aes_info
};
const cipher_info_t aes_192_ccm_info = {
POLARSSL_CIPHER_AES_192_CCM,
POLARSSL_MODE_CCM,
192,
"AES-192-CCM",
12,
POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_aes_info
};
const cipher_info_t aes_256_ccm_info = {
POLARSSL_CIPHER_AES_256_CCM,
POLARSSL_MODE_CCM,
256,
"AES-256-CCM",
12,
POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_aes_info
};
#endif /* POLARSSL_CCM_C */
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_CAMELLIA_C)
static int camellia_crypt_ecb_wrap( void *ctx, operation_t operation,
const unsigned char *input, unsigned char *output )
{
return camellia_crypt_ecb( (camellia_context *) ctx, operation, input, output );
return camellia_crypt_ecb( (camellia_context *) ctx, operation, input,
output );
}
static int camellia_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
unsigned char *iv, const unsigned char *input, unsigned char *output )
static int camellia_crypt_cbc_wrap( void *ctx, operation_t operation,
size_t length, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
#if defined(POLARSSL_CIPHER_MODE_CBC)
return camellia_crypt_cbc( (camellia_context *) ctx, operation, length, iv, input, output );
return camellia_crypt_cbc( (camellia_context *) ctx, operation, length, iv,
input, output );
#else
((void) ctx);
((void) operation);
@ -391,15 +485,17 @@ static int camellia_crypt_cbc_wrap( void *ctx, operation_t operation, size_t len
((void) input);
((void) output);
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
#endif /* POLARSSL_CIPHER_MODE_CBC */
}
static int camellia_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length,
size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output )
static int camellia_crypt_cfb128_wrap( void *ctx, operation_t operation,
size_t length, size_t *iv_off, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
#if defined(POLARSSL_CIPHER_MODE_CFB)
return camellia_crypt_cfb128( (camellia_context *) ctx, operation, length, iv_off, iv, input, output );
return camellia_crypt_cfb128( (camellia_context *) ctx, operation, length,
iv_off, iv, input, output );
#else
((void) ctx);
((void) operation);
@ -409,17 +505,17 @@ static int camellia_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t
((void) input);
((void) output);
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
#endif
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
#endif /* POLARSSL_CIPHER_MODE_CFB */
}
static int camellia_crypt_ctr_wrap( void *ctx, size_t length,
size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block,
static int camellia_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output )
{
#if defined(POLARSSL_CIPHER_MODE_CTR)
return camellia_crypt_ctr( (camellia_context *) ctx, length, nc_off, nonce_counter,
stream_block, input, output );
return camellia_crypt_ctr( (camellia_context *) ctx, length, nc_off,
nonce_counter, stream_block, input, output );
#else
((void) ctx);
((void) length);
@ -429,27 +525,38 @@ static int camellia_crypt_ctr_wrap( void *ctx, size_t length,
((void) input);
((void) output);
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
#endif
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
#endif /* POLARSSL_CIPHER_MODE_CTR */
}
static int camellia_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
static int camellia_setkey_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
return camellia_setkey_dec( (camellia_context *) ctx, key, key_length );
}
static int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
static int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
return camellia_setkey_enc( (camellia_context *) ctx, key, key_length );
}
static void * camellia_ctx_alloc( void )
{
return polarssl_malloc( sizeof( camellia_context ) );
camellia_context *ctx;
ctx = (camellia_context *) polarssl_malloc( sizeof( camellia_context ) );
if( ctx == NULL )
return( NULL );
camellia_init( ctx );
return( ctx );
}
static void camellia_ctx_free( void *ctx )
{
camellia_free( (camellia_context *) ctx );
polarssl_free( ctx );
}
@ -605,7 +712,8 @@ const cipher_info_t camellia_256_ctr_info = {
#endif /* POLARSSL_CIPHER_MODE_CTR */
#if defined(POLARSSL_GCM_C)
static int gcm_camellia_setkey_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
static int gcm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
return gcm_init( (gcm_context *) ctx, POLARSSL_CIPHER_ID_CAMELLIA,
key, key_length );
@ -630,7 +738,7 @@ const cipher_info_t camellia_128_gcm_info = {
128,
"CAMELLIA-128-GCM",
12,
1,
POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_camellia_info
};
@ -641,7 +749,7 @@ const cipher_info_t camellia_192_gcm_info = {
192,
"CAMELLIA-192-GCM",
12,
1,
POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_camellia_info
};
@ -652,12 +760,67 @@ const cipher_info_t camellia_256_gcm_info = {
256,
"CAMELLIA-256-GCM",
12,
1,
POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&gcm_camellia_info
};
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_CCM_C)
static int ccm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
return ccm_init( (ccm_context *) ctx, POLARSSL_CIPHER_ID_CAMELLIA,
key, key_length );
}
const cipher_base_t ccm_camellia_info = {
POLARSSL_CIPHER_ID_CAMELLIA,
NULL,
NULL,
NULL,
NULL,
NULL,
ccm_camellia_setkey_wrap,
ccm_camellia_setkey_wrap,
ccm_ctx_alloc,
ccm_ctx_free,
};
const cipher_info_t camellia_128_ccm_info = {
POLARSSL_CIPHER_CAMELLIA_128_CCM,
POLARSSL_MODE_CCM,
128,
"CAMELLIA-128-CCM",
12,
POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_camellia_info
};
const cipher_info_t camellia_192_ccm_info = {
POLARSSL_CIPHER_CAMELLIA_192_CCM,
POLARSSL_MODE_CCM,
192,
"CAMELLIA-192-CCM",
12,
POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_camellia_info
};
const cipher_info_t camellia_256_ccm_info = {
POLARSSL_CIPHER_CAMELLIA_256_CCM,
POLARSSL_MODE_CCM,
256,
"CAMELLIA-256-CCM",
12,
POLARSSL_CIPHER_VARIABLE_IV_LEN,
16,
&ccm_camellia_info
};
#endif /* POLARSSL_CCM_C */
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
@ -680,7 +843,8 @@ static int des_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
unsigned char *iv, const unsigned char *input, unsigned char *output )
{
#if defined(POLARSSL_CIPHER_MODE_CBC)
return des_crypt_cbc( (des_context *) ctx, operation, length, iv, input, output );
return des_crypt_cbc( (des_context *) ctx, operation, length, iv, input,
output );
#else
((void) ctx);
((void) operation);
@ -689,7 +853,7 @@ static int des_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
((void) input);
((void) output);
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
#endif /* POLARSSL_CIPHER_MODE_CBC */
}
@ -697,7 +861,8 @@ static int des3_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
unsigned char *iv, const unsigned char *input, unsigned char *output )
{
#if defined(POLARSSL_CIPHER_MODE_CBC)
return des3_crypt_cbc( (des3_context *) ctx, operation, length, iv, input, output );
return des3_crypt_cbc( (des3_context *) ctx, operation, length, iv, input,
output );
#else
((void) ctx);
((void) operation);
@ -706,75 +871,52 @@ static int des3_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
((void) input);
((void) output);
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
#endif /* POLARSSL_CIPHER_MODE_CBC */
}
static int des_crypt_cfb128_wrap( void *ctx, operation_t operation, size_t length,
size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output )
{
((void) ctx);
((void) operation);
((void) length);
((void) iv_off);
((void) iv);
((void) input);
((void) output);
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
static int des_crypt_ctr_wrap( void *ctx, size_t length,
size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output )
{
((void) ctx);
((void) length);
((void) nc_off);
((void) nonce_counter);
((void) stream_block);
((void) input);
((void) output);
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
static int des_setkey_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
static int des_setkey_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
((void) key_length);
return des_setkey_dec( (des_context *) ctx, key );
}
static int des_setkey_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
static int des_setkey_enc_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
((void) key_length);
return des_setkey_enc( (des_context *) ctx, key );
}
static int des3_set2key_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
static int des3_set2key_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
((void) key_length);
return des3_set2key_dec( (des3_context *) ctx, key );
}
static int des3_set2key_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
static int des3_set2key_enc_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
((void) key_length);
return des3_set2key_enc( (des3_context *) ctx, key );
}
static int des3_set3key_dec_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
static int des3_set3key_dec_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
((void) key_length);
return des3_set3key_dec( (des3_context *) ctx, key );
}
static int des3_set3key_enc_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
static int des3_set3key_enc_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
((void) key_length);
@ -783,16 +925,38 @@ static int des3_set3key_enc_wrap( void *ctx, const unsigned char *key, unsigned
static void * des_ctx_alloc( void )
{
return polarssl_malloc( sizeof( des_context ) );
}
des_context *des = (des_context *) polarssl_malloc( sizeof( des_context ) );
static void * des3_ctx_alloc( void )
{
return polarssl_malloc( sizeof( des3_context ) );
if( des == NULL )
return( NULL );
des_init( des );
return( des );
}
static void des_ctx_free( void *ctx )
{
des_free( (des_context *) ctx );
polarssl_free( ctx );
}
static void * des3_ctx_alloc( void )
{
des3_context *des3;
des3 = (des3_context *) polarssl_malloc( sizeof( des3_context ) );
if( des3 == NULL )
return( NULL );
des3_init( des3 );
return( des3 );
}
static void des3_ctx_free( void *ctx )
{
des3_free( (des3_context *) ctx );
polarssl_free( ctx );
}
@ -800,8 +964,8 @@ const cipher_base_t des_info = {
POLARSSL_CIPHER_ID_DES,
des_crypt_ecb_wrap,
des_crypt_cbc_wrap,
des_crypt_cfb128_wrap,
des_crypt_ctr_wrap,
NULL,
NULL,
NULL,
des_setkey_enc_wrap,
des_setkey_dec_wrap,
@ -837,13 +1001,13 @@ const cipher_base_t des_ede_info = {
POLARSSL_CIPHER_ID_DES,
des3_crypt_ecb_wrap,
des3_crypt_cbc_wrap,
des_crypt_cfb128_wrap,
des_crypt_ctr_wrap,
NULL,
NULL,
NULL,
des3_set2key_enc_wrap,
des3_set2key_dec_wrap,
des3_ctx_alloc,
des_ctx_free
des3_ctx_free
};
const cipher_info_t des_ede_ecb_info = {
@ -874,13 +1038,13 @@ const cipher_base_t des_ede3_info = {
POLARSSL_CIPHER_ID_DES,
des3_crypt_ecb_wrap,
des3_crypt_cbc_wrap,
des_crypt_cfb128_wrap,
des_crypt_ctr_wrap,
NULL,
NULL,
NULL,
des3_set3key_enc_wrap,
des3_set3key_dec_wrap,
des3_ctx_alloc,
des_ctx_free
des3_ctx_free
};
const cipher_info_t des_ede3_ecb_info = {
@ -905,21 +1069,24 @@ const cipher_info_t des_ede3_cbc_info = {
&des_ede3_info
};
#endif /* POLARSSL_CIPHER_MODE_CBC */
#endif
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_BLOWFISH_C)
static int blowfish_crypt_ecb_wrap( void *ctx, operation_t operation,
const unsigned char *input, unsigned char *output )
{
return blowfish_crypt_ecb( (blowfish_context *) ctx, operation, input, output );
return blowfish_crypt_ecb( (blowfish_context *) ctx, operation, input,
output );
}
static int blowfish_crypt_cbc_wrap( void *ctx, operation_t operation, size_t length,
unsigned char *iv, const unsigned char *input, unsigned char *output )
static int blowfish_crypt_cbc_wrap( void *ctx, operation_t operation,
size_t length, unsigned char *iv, const unsigned char *input,
unsigned char *output )
{
#if defined(POLARSSL_CIPHER_MODE_CBC)
return blowfish_crypt_cbc( (blowfish_context *) ctx, operation, length, iv, input, output );
return blowfish_crypt_cbc( (blowfish_context *) ctx, operation, length, iv,
input, output );
#else
((void) ctx);
((void) operation);
@ -928,15 +1095,17 @@ static int blowfish_crypt_cbc_wrap( void *ctx, operation_t operation, size_t len
((void) input);
((void) output);
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
#endif /* POLARSSL_CIPHER_MODE_CBC */
}
static int blowfish_crypt_cfb64_wrap( void *ctx, operation_t operation, size_t length,
size_t *iv_off, unsigned char *iv, const unsigned char *input, unsigned char *output )
static int blowfish_crypt_cfb64_wrap( void *ctx, operation_t operation,
size_t length, size_t *iv_off, unsigned char *iv,
const unsigned char *input, unsigned char *output )
{
#if defined(POLARSSL_CIPHER_MODE_CFB)
return blowfish_crypt_cfb64( (blowfish_context *) ctx, operation, length, iv_off, iv, input, output );
return blowfish_crypt_cfb64( (blowfish_context *) ctx, operation, length,
iv_off, iv, input, output );
#else
((void) ctx);
((void) operation);
@ -946,17 +1115,17 @@ static int blowfish_crypt_cfb64_wrap( void *ctx, operation_t operation, size_t l
((void) input);
((void) output);
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
#endif
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
#endif /* POLARSSL_CIPHER_MODE_CFB */
}
static int blowfish_crypt_ctr_wrap( void *ctx, size_t length,
size_t *nc_off, unsigned char *nonce_counter, unsigned char *stream_block,
static int blowfish_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
unsigned char *nonce_counter, unsigned char *stream_block,
const unsigned char *input, unsigned char *output )
{
#if defined(POLARSSL_CIPHER_MODE_CTR)
return blowfish_crypt_ctr( (blowfish_context *) ctx, length, nc_off, nonce_counter,
stream_block, input, output );
return blowfish_crypt_ctr( (blowfish_context *) ctx, length, nc_off,
nonce_counter, stream_block, input, output );
#else
((void) ctx);
((void) length);
@ -966,22 +1135,32 @@ static int blowfish_crypt_ctr_wrap( void *ctx, size_t length,
((void) input);
((void) output);
return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
#endif
return( POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE );
#endif /* POLARSSL_CIPHER_MODE_CTR */
}
static int blowfish_setkey_wrap( void *ctx, const unsigned char *key, unsigned int key_length )
static int blowfish_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
return blowfish_setkey( (blowfish_context *) ctx, key, key_length );
}
static void * blowfish_ctx_alloc( void )
{
return polarssl_malloc( sizeof( blowfish_context ) );
blowfish_context *ctx;
ctx = (blowfish_context *) polarssl_malloc( sizeof( blowfish_context ) );
if( ctx == NULL )
return( NULL );
blowfish_init( ctx );
return( ctx );
}
static void blowfish_ctx_free( void *ctx )
{
blowfish_free( (blowfish_context *) ctx );
polarssl_free( ctx );
}
@ -1004,7 +1183,7 @@ const cipher_info_t blowfish_ecb_info = {
128,
"BLOWFISH-ECB",
8,
0,
POLARSSL_CIPHER_VARIABLE_KEY_LEN,
8,
&blowfish_info
};
@ -1016,7 +1195,7 @@ const cipher_info_t blowfish_cbc_info = {
128,
"BLOWFISH-CBC",
8,
0,
POLARSSL_CIPHER_VARIABLE_KEY_LEN,
8,
&blowfish_info
};
@ -1029,7 +1208,7 @@ const cipher_info_t blowfish_cfb64_info = {
128,
"BLOWFISH-CFB64",
8,
0,
POLARSSL_CIPHER_VARIABLE_KEY_LEN,
8,
&blowfish_info
};
@ -1042,7 +1221,7 @@ const cipher_info_t blowfish_ctr_info = {
128,
"BLOWFISH-CTR",
8,
0,
POLARSSL_CIPHER_VARIABLE_KEY_LEN,
8,
&blowfish_info
};
@ -1061,7 +1240,7 @@ static int arc4_setkey_wrap( void *ctx, const unsigned char *key,
unsigned int key_length )
{
/* we get key_length in bits, arc4 expects it in bytes */
if( key_length % 8 != 0)
if( key_length % 8 != 0 )
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
arc4_setup( (arc4_context *) ctx, key, key_length / 8 );
@ -1070,11 +1249,20 @@ static int arc4_setkey_wrap( void *ctx, const unsigned char *key,
static void * arc4_ctx_alloc( void )
{
return polarssl_malloc( sizeof( arc4_context ) );
arc4_context *ctx;
ctx = (arc4_context *) polarssl_malloc( sizeof( arc4_context ) );
if( ctx == NULL )
return( NULL );
arc4_init( ctx );
return( ctx );
}
static void arc4_ctx_free( void *ctx )
{
arc4_free( (arc4_context *) ctx );
polarssl_free( ctx );
}
@ -1125,7 +1313,7 @@ static int null_setkey( void *ctx, const unsigned char *key,
static void * null_ctx_alloc( void )
{
return (void *) 1;
return( (void *) 1 )
}
static void null_ctx_free( void *ctx )
@ -1184,6 +1372,11 @@ const cipher_definition_t cipher_definitions[] =
{ POLARSSL_CIPHER_AES_192_GCM, &aes_192_gcm_info },
{ POLARSSL_CIPHER_AES_256_GCM, &aes_256_gcm_info },
#endif
#if defined(POLARSSL_CCM_C)
{ POLARSSL_CIPHER_AES_128_CCM, &aes_128_ccm_info },
{ POLARSSL_CIPHER_AES_192_CCM, &aes_192_ccm_info },
{ POLARSSL_CIPHER_AES_256_CCM, &aes_256_ccm_info },
#endif
#endif /* POLARSSL_AES_C */
#if defined(POLARSSL_ARC4_C)
@ -1227,6 +1420,11 @@ const cipher_definition_t cipher_definitions[] =
{ POLARSSL_CIPHER_CAMELLIA_192_GCM, &camellia_192_gcm_info },
{ POLARSSL_CIPHER_CAMELLIA_256_GCM, &camellia_256_gcm_info },
#endif
#if defined(POLARSSL_CCM_C)
{ POLARSSL_CIPHER_CAMELLIA_128_CCM, &camellia_128_ccm_info },
{ POLARSSL_CIPHER_CAMELLIA_192_CCM, &camellia_192_ccm_info },
{ POLARSSL_CIPHER_CAMELLIA_256_CCM, &camellia_256_ccm_info },
#endif
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_DES_C)
@ -1250,4 +1448,4 @@ const cipher_definition_t cipher_definitions[] =
#define NUM_CIPHERS sizeof cipher_definitions / sizeof cipher_definitions[0]
int supported_ciphers[NUM_CIPHERS];
#endif
#endif /* POLARSSL_CIPHER_C */


@ -1,7 +1,7 @@
/*
* CTR_DRBG implementation based on AES-256 (NIST SP 800-90)
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -28,7 +28,11 @@
* http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_CTR_DRBG_C)
@ -38,6 +42,17 @@
#include <stdio.h>
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#endif
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/*
* Non-public function wrapped by ctr_crbg_init(). Necessary to allow NIST
* tests to succeed (which require known length fixed entropy)
@ -56,6 +71,8 @@ int ctr_drbg_init_entropy_len(
memset( ctx, 0, sizeof(ctr_drbg_context) );
memset( key, 0, CTR_DRBG_KEYSIZE );
aes_init( &ctx->aes_ctx );
ctx->f_entropy = f_entropy;
ctx->p_entropy = p_entropy;
@ -83,6 +100,15 @@ int ctr_drbg_init( ctr_drbg_context *ctx,
CTR_DRBG_ENTROPY_LEN ) );
}
void ctr_drbg_free( ctr_drbg_context *ctx )
{
if( ctx == NULL )
return;
aes_free( &ctx->aes_ctx );
polarssl_zeroize( ctx, sizeof( ctr_drbg_context ) );
}
void ctr_drbg_set_prediction_resistance( ctr_drbg_context *ctx, int resistance )
{
ctx->prediction_resistance = resistance;
@ -112,6 +138,7 @@ static int block_cipher_df( unsigned char *output,
size_t buf_len, use_len;
memset( buf, 0, CTR_DRBG_MAX_SEED_INPUT + CTR_DRBG_BLOCKSIZE + 16 );
aes_init( &aes_ctx );
/*
* Construct IV (16 bytes) and S in buffer
@ -179,6 +206,8 @@ static int block_cipher_df( unsigned char *output,
p += CTR_DRBG_BLOCKSIZE;
}
aes_free( &aes_ctx );
return( 0 );
}
@ -326,7 +355,8 @@ int ctr_drbg_random_with_add( void *p_rng,
*/
aes_crypt_ecb( &ctx->aes_ctx, AES_ENCRYPT, ctx->counter, tmp );
use_len = (output_len > CTR_DRBG_BLOCKSIZE ) ? CTR_DRBG_BLOCKSIZE : output_len;
use_len = ( output_len > CTR_DRBG_BLOCKSIZE ) ? CTR_DRBG_BLOCKSIZE :
output_len;
/*
* Copy random block to destination
*/
@ -410,7 +440,7 @@ int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path )
#include <stdio.h>
unsigned char entropy_source_pr[96] =
static unsigned char entropy_source_pr[96] =
{ 0xc1, 0x80, 0x81, 0xa6, 0x5d, 0x44, 0x02, 0x16,
0x19, 0xb3, 0xf1, 0x80, 0xb1, 0xc9, 0x20, 0x02,
0x6a, 0x54, 0x6f, 0x0c, 0x70, 0x81, 0x49, 0x8b,
@ -424,7 +454,7 @@ unsigned char entropy_source_pr[96] =
0x93, 0x92, 0xcf, 0xc5, 0x23, 0x12, 0xd5, 0x56,
0x2c, 0x4a, 0x6e, 0xff, 0xdc, 0x10, 0xd0, 0x68 };
unsigned char entropy_source_nopr[64] =
static unsigned char entropy_source_nopr[64] =
{ 0x5a, 0x19, 0x4d, 0x5e, 0x2b, 0x31, 0x58, 0x14,
0x54, 0xde, 0xf6, 0x75, 0xfb, 0x79, 0x58, 0xfe,
0xc7, 0xdb, 0x87, 0x3e, 0x56, 0x89, 0xfc, 0x9d,
@ -434,32 +464,39 @@ unsigned char entropy_source_nopr[64] =
0xf5, 0x98, 0x3d, 0x77, 0x1c, 0x1b, 0x13, 0x7e,
0x4e, 0x0f, 0x9d, 0x8e, 0xf4, 0x09, 0xf9, 0x2e };
unsigned char nonce_pers_pr[16] =
static const unsigned char nonce_pers_pr[16] =
{ 0xd2, 0x54, 0xfc, 0xff, 0x02, 0x1e, 0x69, 0xd2,
0x29, 0xc9, 0xcf, 0xad, 0x85, 0xfa, 0x48, 0x6c };
unsigned char nonce_pers_nopr[16] =
static const unsigned char nonce_pers_nopr[16] =
{ 0x1b, 0x54, 0xb8, 0xff, 0x06, 0x42, 0xbf, 0xf5,
0x21, 0xf1, 0x5c, 0x1c, 0x0b, 0x66, 0x5f, 0x3f };
unsigned char result_pr[16] =
static const unsigned char result_pr[16] =
{ 0x34, 0x01, 0x16, 0x56, 0xb4, 0x29, 0x00, 0x8f,
0x35, 0x63, 0xec, 0xb5, 0xf2, 0x59, 0x07, 0x23 };
unsigned char result_nopr[16] =
static const unsigned char result_nopr[16] =
{ 0xa0, 0x54, 0x30, 0x3d, 0x8a, 0x7e, 0xa9, 0x88,
0x9d, 0x90, 0x3e, 0x07, 0x7c, 0x6f, 0x21, 0x8f };
int test_offset;
static size_t test_offset;
static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
size_t len )
{
unsigned char *p = data;
const unsigned char *p = data;
memcpy( buf, p + test_offset, len );
test_offset += 32;
test_offset += len;
return( 0 );
}
#define CHK( c ) if( (c) != 0 ) \
{ \
if( verbose != 0 ) \
polarssl_printf( "failed\n" ); \
return( 1 ); \
}
/*
* Checkup routine
*/
@ -472,100 +509,41 @@ int ctr_drbg_self_test( int verbose )
* Based on a NIST CTR_DRBG test vector (PR = True)
*/
if( verbose != 0 )
printf( " CTR_DRBG (PR = TRUE) : " );
polarssl_printf( " CTR_DRBG (PR = TRUE) : " );
test_offset = 0;
if( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy, entropy_source_pr, nonce_pers_pr, 16, 32 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
CHK( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy,
entropy_source_pr, nonce_pers_pr, 16, 32 ) );
ctr_drbg_set_prediction_resistance( &ctx, CTR_DRBG_PR_ON );
if( ctr_drbg_random( &ctx, buf, CTR_DRBG_BLOCKSIZE ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( ctr_drbg_random( &ctx, buf, CTR_DRBG_BLOCKSIZE ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( memcmp( buf, result_pr, CTR_DRBG_BLOCKSIZE ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
CHK( ctr_drbg_random( &ctx, buf, CTR_DRBG_BLOCKSIZE ) );
CHK( ctr_drbg_random( &ctx, buf, CTR_DRBG_BLOCKSIZE ) );
CHK( memcmp( buf, result_pr, CTR_DRBG_BLOCKSIZE ) );
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
/*
* Based on a NIST CTR_DRBG test vector (PR = FALSE)
*/
if( verbose != 0 )
printf( " CTR_DRBG (PR = FALSE): " );
polarssl_printf( " CTR_DRBG (PR = FALSE): " );
test_offset = 0;
if( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy, entropy_source_nopr, nonce_pers_nopr, 16, 32 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( ctr_drbg_random( &ctx, buf, 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( ctr_drbg_reseed( &ctx, NULL, 0 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( ctr_drbg_random( &ctx, buf, 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( memcmp( buf, result_nopr, 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
CHK( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy,
entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
CHK( ctr_drbg_random( &ctx, buf, 16 ) );
CHK( ctr_drbg_reseed( &ctx, NULL, 0 ) );
CHK( ctr_drbg_random( &ctx, buf, 16 ) );
CHK( memcmp( buf, result_nopr, 16 ) );
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
return( 0 );
}
#endif
#endif /* POLARSSL_SELF_TEST */
#endif
#endif /* POLARSSL_CTR_DRBG_C */
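Review bot: block_cipher_df now pairs aes_init with aes_free( &aes_ctx ) before its return, but the seed material it copied into buf (the memset near the top of the function shows buf spans CTR_DRBG_MAX_SEED_INPUT + CTR_DRBG_BLOCKSIZE + 16 bytes) is left on the stack, whereas ctr_drbg_free in the same file now wipes its context with polarssl_zeroize. Adding `polarssl_zeroize( buf, CTR_DRBG_MAX_SEED_INPUT + CTR_DRBG_BLOCKSIZE + 16 );` beside the aes_free call would keep the two cleanup paths consistent; any other local key or chaining buffers the function declares would warrant the same treatment, but their declarations are outside the hunk. The body between the aes_init and the aes_free is also outside the hunk, so I cannot confirm from here that no early-return path skips aes_free. Separately, the CHK macro in the self-test is a bare if-block rather than a do { } while( 0 ) wrapper, so an else following a CHK( ... ) call would bind to the macro's if; harmless in the current uses, but worth noting as a point of style.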


@ -1,7 +1,7 @@
/*
* Debugging routines
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -23,7 +23,11 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_DEBUG_C)
@ -46,6 +50,19 @@
#endif
#endif /* _MSC_VER */
static int debug_log_mode = POLARSSL_DEBUG_DFL_MODE;
static int debug_threshold = 0;
void debug_set_log_mode( int log_mode )
{
debug_log_mode = log_mode;
}
void debug_set_threshold( int threshold )
{
debug_threshold = threshold;
}
char *debug_fmt( const char *format, ... )
{
va_list argp;
@ -66,9 +83,15 @@ void debug_print_msg( const ssl_context *ssl, int level,
char str[512];
int maxlen = sizeof( str ) - 1;
if( ssl->f_dbg == NULL )
if( ssl->f_dbg == NULL || level > debug_threshold )
return;
if( debug_log_mode == POLARSSL_DEBUG_LOG_RAW )
{
ssl->f_dbg( ssl->p_dbg, level, text );
return;
}
snprintf( str, maxlen, "%s(%04d): %s\n", file, line, text );
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
@ -80,12 +103,16 @@ void debug_print_ret( const ssl_context *ssl, int level,
{
char str[512];
int maxlen = sizeof( str ) - 1;
size_t idx = 0;
if( ssl->f_dbg == NULL )
if( ssl->f_dbg == NULL || level > debug_threshold )
return;
snprintf( str, maxlen, "%s(%04d): %s() returned %d (0x%x)\n",
file, line, text, ret, ret );
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
idx = snprintf( str, maxlen, "%s(%04d): ", file, line );
snprintf( str + idx, maxlen - idx, "%s() returned %d (-0x%04x)\n",
text, ret, -ret );
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
@ -96,17 +123,21 @@ void debug_print_buf( const ssl_context *ssl, int level,
unsigned char *buf, size_t len )
{
char str[512];
size_t i, maxlen = sizeof( str ) - 1;
size_t i, maxlen = sizeof( str ) - 1, idx = 0;
if( ssl->f_dbg == NULL )
if( ssl->f_dbg == NULL || level > debug_threshold )
return;
snprintf( str, maxlen, "%s(%04d): dumping '%s' (%d bytes)\n",
file, line, text, (unsigned int) len );
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
idx = snprintf( str, maxlen, "%s(%04d): ", file, line );
snprintf( str + idx, maxlen - idx, "dumping '%s' (%u bytes)\n",
text, (unsigned int) len );
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
idx = 0;
for( i = 0; i < len; i++ )
{
if( i >= 4096 )
@ -115,23 +146,29 @@ void debug_print_buf( const ssl_context *ssl, int level,
if( i % 16 == 0 )
{
if( i > 0 )
ssl->f_dbg( ssl->p_dbg, level, "\n" );
snprintf( str, maxlen, "%s(%04d): %04x: ", file, line,
(unsigned int) i );
str[maxlen] = '\0';
{
snprintf( str + idx, maxlen - idx, "\n" );
ssl->f_dbg( ssl->p_dbg, level, str );
idx = 0;
}
snprintf( str, maxlen, " %02x", (unsigned int) buf[i] );
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
idx = snprintf( str, maxlen, "%s(%04d): ", file, line );
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
idx += snprintf( str + idx, maxlen - idx, "%04x: ",
(unsigned int) i );
}
idx += snprintf( str + idx, maxlen - idx, " %02x",
(unsigned int) buf[i] );
}
if( len > 0 )
ssl->f_dbg( ssl->p_dbg, level, "\n" );
{
snprintf( str + idx, maxlen - idx, "\n" );
ssl->f_dbg( ssl->p_dbg, level, str );
}
}
#if defined(POLARSSL_ECP_C)
@ -142,6 +179,9 @@ void debug_print_ecp( const ssl_context *ssl, int level,
char str[512];
int maxlen = sizeof( str ) - 1;
if( ssl->f_dbg == NULL || level > debug_threshold )
return;
snprintf( str, maxlen, "%s(X)", text );
str[maxlen] = '\0';
debug_print_mpi( ssl, level, file, line, str, &X->X );
@ -149,10 +189,6 @@ void debug_print_ecp( const ssl_context *ssl, int level,
snprintf( str, maxlen, "%s(Y)", text );
str[maxlen] = '\0';
debug_print_mpi( ssl, level, file, line, str, &X->Y );
snprintf( str, maxlen, "%s(Z)", text );
str[maxlen] = '\0';
debug_print_mpi( ssl, level, file, line, str, &X->Z );
}
#endif /* POLARSSL_ECP_C */
@ -163,9 +199,9 @@ void debug_print_mpi( const ssl_context *ssl, int level,
{
char str[512];
int j, k, maxlen = sizeof( str ) - 1, zeros = 1;
size_t i, n;
size_t i, n, idx = 0;
if( ssl->f_dbg == NULL || X == NULL )
if( ssl->f_dbg == NULL || X == NULL || level > debug_threshold )
return;
for( n = X->n - 1; n > 0; n-- )
@ -176,13 +212,16 @@ void debug_print_mpi( const ssl_context *ssl, int level,
if( ( ( X->p[n] >> j ) & 1 ) != 0 )
break;
snprintf( str, maxlen, "%s(%04d): value of '%s' (%d bits) is:\n",
file, line, text,
(int) ( ( n * ( sizeof(t_uint) << 3 ) ) + j + 1 ) );
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
idx = snprintf( str, maxlen, "%s(%04d): ", file, line );
snprintf( str + idx, maxlen - idx, "value of '%s' (%d bits) is:\n",
text, (int) ( ( n * ( sizeof(t_uint) << 3 ) ) + j + 1 ) );
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
idx = 0;
for( i = n + 1, j = 0; i > 0; i-- )
{
if( zeros && X->p[i - 1] == 0 )
@ -190,7 +229,7 @@ void debug_print_mpi( const ssl_context *ssl, int level,
for( k = sizeof( t_uint ) - 1; k >= 0; k-- )
{
if( zeros && ( ( X->p[i - 1] >> (k << 3) ) & 0xFF ) == 0 )
if( zeros && ( ( X->p[i - 1] >> ( k << 3 ) ) & 0xFF ) == 0 )
continue;
else
zeros = 0;
@ -198,19 +237,18 @@ void debug_print_mpi( const ssl_context *ssl, int level,
if( j % 16 == 0 )
{
if( j > 0 )
ssl->f_dbg( ssl->p_dbg, level, "\n" );
snprintf( str, maxlen, "%s(%04d): ", file, line );
str[maxlen] = '\0';
{
snprintf( str + idx, maxlen - idx, "\n" );
ssl->f_dbg( ssl->p_dbg, level, str );
idx = 0;
}
snprintf( str, maxlen, " %02x", (unsigned int)
( X->p[i - 1] >> (k << 3) ) & 0xFF );
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
idx = snprintf( str, maxlen, "%s(%04d): ", file, line );
}
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
idx += snprintf( str + idx, maxlen - idx, " %02x", (unsigned int)
( X->p[i - 1] >> ( k << 3 ) ) & 0xFF );
j++;
}
@ -219,14 +257,16 @@ void debug_print_mpi( const ssl_context *ssl, int level,
if( zeros == 1 )
{
snprintf( str, maxlen, "%s(%04d): ", file, line );
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
{
idx = snprintf( str, maxlen, "%s(%04d): ", file, line );
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
ssl->f_dbg( ssl->p_dbg, level, " 00" );
}
idx += snprintf( str + idx, maxlen - idx, " 00" );
}
ssl->f_dbg( ssl->p_dbg, level, "\n" );
snprintf( str + idx, maxlen - idx, "\n" );
ssl->f_dbg( ssl->p_dbg, level, str );
}
#endif /* POLARSSL_BIGNUM_C */
@ -247,7 +287,7 @@ static void debug_print_pk( const ssl_context *ssl, int level,
return;
}
for( i = 0; i < sizeof( items ); i++ )
for( i = 0; i < POLARSSL_PK_DEBUG_MAX_ITEMS; i++ )
{
if( items[i].type == POLARSSL_PK_DEBUG_NONE )
return;
@ -272,13 +312,19 @@ void debug_print_crt( const ssl_context *ssl, int level,
const char *text, const x509_crt *crt )
{
char str[1024], prefix[64];
int i = 0, maxlen = sizeof( prefix ) - 1;
int i = 0, maxlen = sizeof( prefix ) - 1, idx = 0;
if( ssl->f_dbg == NULL || crt == NULL )
if( ssl->f_dbg == NULL || crt == NULL || level > debug_threshold )
return;
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
{
snprintf( prefix, maxlen, "%s(%04d): ", file, line );
prefix[maxlen] = '\0';
}
else
prefix[0] = '\0';
maxlen = sizeof( str ) - 1;
while( crt != NULL )
@ -286,8 +332,11 @@ void debug_print_crt( const ssl_context *ssl, int level,
char buf[1024];
x509_crt_info( buf, sizeof( buf ) - 1, prefix, crt );
snprintf( str, maxlen, "%s(%04d): %s #%d:\n%s",
file, line, text, ++i, buf );
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
idx = snprintf( str, maxlen, "%s(%04d): ", file, line );
snprintf( str + idx, maxlen - idx, "%s #%d:\n%s",
text, ++i, buf );
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
@ -299,4 +348,4 @@ void debug_print_crt( const ssl_context *ssl, int level,
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
#endif
#endif /* POLARSSL_DEBUG_C */


@ -1,7 +1,7 @@
/*
* FIPS-46-3 compliant Triple-DES implementation
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -29,14 +29,29 @@
* http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_DES_C)
#include "polarssl/des.h"
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#endif
#if !defined(POLARSSL_DES_ALT)
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/*
* 32-bit integer manipulation macros (big endian)
*/
@ -290,6 +305,32 @@ static const uint32_t RHs[16] =
#define SWAP(a,b) { uint32_t t = a; a = b; b = t; t = 0; }
void des_init( des_context *ctx )
{
memset( ctx, 0, sizeof( des_context ) );
}
void des_free( des_context *ctx )
{
if( ctx == NULL )
return;
polarssl_zeroize( ctx, sizeof( des_context ) );
}
void des3_init( des3_context *ctx )
{
memset( ctx, 0, sizeof( des3_context ) );
}
void des3_free( des3_context *ctx )
{
if( ctx == NULL )
return;
polarssl_zeroize( ctx, sizeof( des3_context ) );
}
static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
@ -317,7 +358,7 @@ int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
int i;
for( i = 0; i < DES_KEY_SIZE; i++ )
if ( key[i] != odd_parity_table[key[i] / 2] )
if( key[i] != odd_parity_table[key[i] / 2] )
return( 1 );
return( 0 );
@ -372,7 +413,7 @@ int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
int i;
for( i = 0; i < WEAK_KEY_COUNT; i++ )
if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0 )
return( 1 );
return( 0 );
@ -503,12 +544,13 @@ static void des3_set2key( uint32_t esk[96],
/*
* Triple-DES key schedule (112-bit, encryption)
*/
int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
int des3_set2key_enc( des3_context *ctx,
const unsigned char key[DES_KEY_SIZE * 2] )
{
uint32_t sk[96];
des3_set2key( ctx->sk, sk, key );
memset( sk, 0, sizeof( sk ) );
polarssl_zeroize( sk, sizeof( sk ) );
return( 0 );
}
@ -516,12 +558,13 @@ int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE *
/*
* Triple-DES key schedule (112-bit, decryption)
*/
int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
int des3_set2key_dec( des3_context *ctx,
const unsigned char key[DES_KEY_SIZE * 2] )
{
uint32_t sk[96];
des3_set2key( sk, ctx->sk, key );
memset( sk, 0, sizeof( sk ) );
polarssl_zeroize( sk, sizeof( sk ) );
return( 0 );
}
@ -552,12 +595,13 @@ static void des3_set3key( uint32_t esk[96],
/*
* Triple-DES key schedule (168-bit, encryption)
*/
int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
int des3_set3key_enc( des3_context *ctx,
const unsigned char key[DES_KEY_SIZE * 3] )
{
uint32_t sk[96];
des3_set3key( ctx->sk, sk, key );
memset( sk, 0, sizeof( sk ) );
polarssl_zeroize( sk, sizeof( sk ) );
return( 0 );
}
@ -565,12 +609,13 @@ int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE *
/*
* Triple-DES key schedule (168-bit, decryption)
*/
int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
int des3_set3key_dec( des3_context *ctx,
const unsigned char key[DES_KEY_SIZE * 3] )
{
uint32_t sk[96];
des3_set3key( sk, ctx->sk, key );
memset( sk, 0, sizeof( sk ) );
polarssl_zeroize( sk, sizeof( sk ) );
return( 0 );
}
@ -775,11 +820,6 @@ static const unsigned char des3_test_keys[24] =
0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
};
static const unsigned char des3_test_iv[8] =
{
0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
};
static const unsigned char des3_test_buf[8] =
{
0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
@ -799,6 +839,12 @@ static const unsigned char des3_test_ecb_enc[3][8] =
{ 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 }
};
#if defined(POLARSSL_CIPHER_MODE_CBC)
static const unsigned char des3_test_iv[8] =
{
0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
};
static const unsigned char des3_test_cbc_dec[3][8] =
{
{ 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 },
@ -812,24 +858,24 @@ static const unsigned char des3_test_cbc_enc[3][8] =
{ 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D },
{ 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 }
};
#endif /* POLARSSL_CIPHER_MODE_CBC */
/*
* Checkup routine
*/
int des_self_test( int verbose )
{
int i, j, u, v;
int i, j, u, v, ret = 0;
des_context ctx;
des3_context ctx3;
unsigned char key[24];
unsigned char buf[8];
#if defined(POLARSSL_CIPHER_MODE_CBC)
unsigned char prv[8];
unsigned char iv[8];
#endif
memset( key, 0, 24 );
des_init( &ctx );
des3_init( &ctx3 );
/*
* ECB mode
*/
@ -839,7 +885,7 @@ int des_self_test( int verbose )
v = i & 1;
if( verbose != 0 )
printf( " DES%c-ECB-%3d (%s): ",
polarssl_printf( " DES%c-ECB-%3d (%s): ",
( u == 0 ) ? ' ' : '3', 56 + u * 56,
( v == DES_DECRYPT ) ? "dec" : "enc" );
@ -889,17 +935,18 @@ int des_self_test( int verbose )
memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
ret = 1;
goto exit;
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
}
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
#if defined(POLARSSL_CIPHER_MODE_CBC)
/*
@ -911,7 +958,7 @@ int des_self_test( int verbose )
v = i & 1;
if( verbose != 0 )
printf( " DES%c-CBC-%3d (%s): ",
polarssl_printf( " DES%c-CBC-%3d (%s): ",
( u == 0 ) ? ' ' : '3', 56 + u * 56,
( v == DES_DECRYPT ) ? "dec" : "enc" );
@ -984,22 +1031,27 @@ int des_self_test( int verbose )
memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
ret = 1;
goto exit;
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
}
#endif /* POLARSSL_CIPHER_MODE_CBC */
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
return( 0 );
exit:
des_free( &ctx );
des3_free( &ctx3 );
return( ret );
}
#endif
#endif /* POLARSSL_SELF_TEST */
#endif
#endif /* POLARSSL_DES_C */
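Review bot: des_init and des3_init, the new functions at the top of the `@ -290,6 +305,32` hunk, dereference ctx unconditionally, while the paired des_free/des3_free immediately below return on NULL, so the NULL contract differs between init and free with nothing saying so. Either make the pairs symmetric or state the precondition, e.g. above des_init: `/* ctx must not be NULL (des_free() accepts NULL) */`. It would also help to note that des_free/des3_free wipe the expanded key schedule through polarssl_zeroize rather than memset, since that is the security-relevant reason they exist. The `goto exit` change in des_self_test means both contexts are now wiped on every return path, which is good; the rest of des_self_test lies outside the hunks shown.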


@ -1,7 +1,7 @@
/*
* Diffie-Hellman-Merkle key exchange
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -28,7 +28,11 @@
* http://www.cacr.math.uwaterloo.ca/hac/ (chapter 12)
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_DHM_C)
@ -42,14 +46,20 @@
#include "polarssl/asn1.h"
#endif
#if defined(POLARSSL_MEMORY_C)
#include "polarssl/memory.h"
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#include <stdlib.h>
#define polarssl_printf printf
#define polarssl_malloc malloc
#define polarssl_free free
#endif
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/*
* helper to validate the mpi size and import it
*/
@ -91,8 +101,9 @@ static int dhm_check_range( const mpi *param, const mpi *P )
int ret = POLARSSL_ERR_DHM_BAD_INPUT_DATA;
mpi_init( &L ); mpi_init( &U );
mpi_lset( &L, 2 );
mpi_sub_int( &U, P, 2 );
MPI_CHK( mpi_lset( &L, 2 ) );
MPI_CHK( mpi_sub_int( &U, P, 2 ) );
if( mpi_cmp_mpi( param, &L ) >= 0 &&
mpi_cmp_mpi( param, &U ) <= 0 )
@ -100,11 +111,16 @@ static int dhm_check_range( const mpi *param, const mpi *P )
ret = 0;
}
cleanup:
mpi_free( &L ); mpi_free( &U );
return( ret );
}
void dhm_init( dhm_context *ctx )
{
memset( ctx, 0, sizeof( dhm_context ) );
}
/*
* Parse the ServerKeyExchange parameters
*/
@ -114,8 +130,6 @@ int dhm_read_params( dhm_context *ctx,
{
int ret;
dhm_free( ctx );
if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 ||
( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 ||
( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 )
@ -152,7 +166,7 @@ int dhm_make_params( dhm_context *ctx, int x_size,
mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );
while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
mpi_shift_r( &ctx->X, 1 );
MPI_CHK( mpi_shift_r( &ctx->X, 1 ) );
if( count++ > 10 )
return( POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED );
@ -238,7 +252,7 @@ int dhm_make_public( dhm_context *ctx, int x_size,
mpi_fill_random( &ctx->X, x_size, f_rng, p_rng );
while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
mpi_shift_r( &ctx->X, 1 );
MPI_CHK( mpi_shift_r( &ctx->X, 1 ) );
if( count++ > 10 )
return( POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED );
@ -311,7 +325,7 @@ static int dhm_update_blinding( dhm_context *ctx,
mpi_fill_random( &ctx->Vi, mpi_size( &ctx->P ), f_rng, p_rng );
while( mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 )
mpi_shift_r( &ctx->Vi, 1 );
MPI_CHK( mpi_shift_r( &ctx->Vi, 1 ) );
if( count++ > 10 )
return( POLARSSL_ERR_MPI_NOT_ACCEPTABLE );
@ -389,14 +403,15 @@ void dhm_free( dhm_context *ctx )
mpi_free( &ctx->GX ); mpi_free( &ctx->X ); mpi_free( &ctx->G );
mpi_free( &ctx->P );
memset( ctx, 0, sizeof( dhm_context ) );
polarssl_zeroize( ctx, sizeof( dhm_context ) );
}
#if defined(POLARSSL_ASN1_PARSE_C)
/*
* Parse DHM parameters
*/
int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen )
int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin,
size_t dhminlen )
{
int ret;
size_t len;
@ -405,7 +420,6 @@ int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen
pem_context pem;
pem_init( &pem );
memset( dhm, 0, sizeof( dhm_context ) );
ret = pem_read_buffer( &pem,
"-----BEGIN DH PARAMETERS-----",
@ -425,7 +439,7 @@ int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen
p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
#else
p = (unsigned char *) dhmin;
#endif
#endif /* POLARSSL_PEM_PARSE_C */
end = p + dhminlen;
/*
@ -459,6 +473,8 @@ int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen
ret = 0;
dhm->len = mpi_size( &dhm->P );
exit:
#if defined(POLARSSL_PEM_PARSE_C)
pem_free( &pem );
@ -521,12 +537,12 @@ int dhm_parse_dhmfile( dhm_context *dhm, const char *path )
size_t n;
unsigned char *buf;
if ( ( ret = load_file( path, &buf, &n ) ) != 0 )
if( ( ret = load_file( path, &buf, &n ) ) != 0 )
return( ret );
ret = dhm_parse_dhm( dhm, buf, n );
memset( buf, 0, n + 1 );
polarssl_zeroize( buf, n + 1 );
polarssl_free( buf );
return( ret );
@ -547,30 +563,36 @@ int dhm_self_test( int verbose )
int ret;
dhm_context dhm;
dhm_init( &dhm );
if( verbose != 0 )
printf( " DHM parameter load: " );
polarssl_printf( " DHM parameter load: " );
if( ( ret = dhm_parse_dhm( &dhm, (const unsigned char *) test_dhm_params,
strlen( test_dhm_params ) ) ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( ret );
ret = 1;
goto exit;
}
if( verbose != 0 )
printf( "passed\n\n" );
polarssl_printf( "passed\n\n" );
exit:
dhm_free( &dhm );
return( 0 );
return( ret );
#else
((void) verbose);
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
#endif
if( verbose != 0 )
polarssl_printf( " DHM parameter load: skipped\n" );
return( 0 );
#endif /* POLARSSL_CERTS_C */
}
#endif
#endif /* POLARSSL_SELF_TEST */
#endif
#endif /* POLARSSL_DHM_C */
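Review bot: In the `@ -152,7 +166,7` hunk (dhm_make_params) the return value of `mpi_fill_random( &ctx->X, x_size, f_rng, p_rng )` is still ignored while the `mpi_shift_r` directly below it now goes through MPI_CHK; the same pattern is in dhm_make_public (`@ -238,7 +252,7`) and dhm_update_blinding (`@ -311,7 +325,7`). If the RNG callback or an allocation inside mpi_fill_random fails, X (or Vi) may keep whatever it held before and the loop proceeds with a value that was never randomised. Wrapping it the same way, `MPI_CHK( mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );`, makes the failure propagate; this assumes the functions have the cleanup label that MPI_CHK on the adjacent line already relies on. The enclosing loops start and end outside the hunks.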


@ -1,7 +1,7 @@
/*
* Elliptic curve Diffie-Hellman
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -30,7 +30,11 @@
* RFC 4492
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_ECDH_C)
@ -97,13 +101,13 @@ void ecdh_free( ecdh_context *ctx )
return;
ecp_group_free( &ctx->grp );
mpi_free ( &ctx->d );
ecp_point_free( &ctx->Q );
ecp_point_free( &ctx->Qp );
mpi_free ( &ctx->z );
ecp_point_free( &ctx->Vi );
ecp_point_free( &ctx->Vf );
mpi_free ( &ctx->_d );
mpi_free( &ctx->d );
mpi_free( &ctx->z );
mpi_free( &ctx->_d );
}
/*
@ -140,7 +144,7 @@ int ecdh_make_params( ecdh_context *ctx, size_t *olen,
return( ret );
*olen = grp_len + pt_len;
return 0;
return( 0 );
}
/*
@ -162,7 +166,7 @@ int ecdh_read_params( ecdh_context *ctx,
!= 0 )
return( ret );
return 0;
return( 0 );
}
/*
@ -218,10 +222,19 @@ int ecdh_make_public( ecdh_context *ctx, size_t *olen,
int ecdh_read_public( ecdh_context *ctx,
const unsigned char *buf, size_t blen )
{
int ret;
const unsigned char *p = buf;
if( ctx == NULL )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
return ecp_tls_read_point( &ctx->grp, &ctx->Qp, &buf, blen );
if( ( ret = ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p, blen ) ) != 0 )
return( ret );
if( (size_t)( p - buf ) != blen )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
return( 0 );
}
/*
@ -262,6 +275,6 @@ int ecdh_self_test( int verbose )
return( 0 );
}
#endif
#endif /* POLARSSL_SELF_TEST */
#endif /* defined(POLARSSL_ECDH_C) */
#endif /* POLARSSL_ECDH_C */
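Review bot: In ecdh_read_public (`@ -218,10 +222,19`) the new trailing-data check runs after ecp_tls_read_point has already written the peer point into ctx->Qp, so when POLARSSL_ERR_ECP_BAD_INPUT_DATA is returned the context holds a point parsed from a message that was rejected. A caller that ignores the return code would go on to derive a shared secret from it, and nothing in the function warns about that state. Parsing into a local ecp_point and copying it into ctx->Qp only after the length check would avoid it; at minimum a comment `/* On error Qp may already hold the parsed point; callers must not reuse ctx */` should document the behaviour. The hunk covers the whole function body.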


@ -1,7 +1,7 @@
/*
* Elliptic curve DSA
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -29,7 +29,11 @@
* SEC1 http://www.secg.org/index.php?action=secg,docs_secg
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_ECDSA_C)
@ -37,101 +41,10 @@
#include "polarssl/asn1write.h"
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
/*
* Simplified HMAC_DRBG context.
* No reseed counter, no prediction resistance flag.
*/
typedef struct
{
md_context_t md_ctx;
unsigned char V[POLARSSL_MD_MAX_SIZE];
unsigned char K[POLARSSL_MD_MAX_SIZE];
} hmac_drbg_context;
/*
* Simplified HMAC_DRBG update, using optional additional data
*/
static void hmac_drbg_update( hmac_drbg_context *ctx,
const unsigned char *data, size_t data_len )
{
size_t md_len = ctx->md_ctx.md_info->size;
unsigned char rounds = ( data != NULL && data_len != 0 ) ? 2 : 1;
unsigned char sep[1];
for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
{
md_hmac_starts( &ctx->md_ctx, ctx->K, md_len );
md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
md_hmac_update( &ctx->md_ctx, sep, 1 );
if( rounds == 2 )
md_hmac_update( &ctx->md_ctx, data, data_len );
md_hmac_finish( &ctx->md_ctx, ctx->K );
md_hmac_starts( &ctx->md_ctx, ctx->K, md_len );
md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
md_hmac_finish( &ctx->md_ctx, ctx->V );
}
}
/*
* Simplified HMAC_DRBG initialisation.
*
* Uses an entropy buffer rather than callback,
* assume personalisation string is included in entropy buffer,
* assumes md_info is not NULL and valid.
*/
static void hmac_drbg_init( hmac_drbg_context *ctx,
const md_info_t * md_info,
const unsigned char *data, size_t data_len )
{
memset( ctx, 0, sizeof( hmac_drbg_context ) );
md_init_ctx( &ctx->md_ctx, md_info );
memset( ctx->V, 0x01, md_info->size );
/* ctx->K is already 0 */
hmac_drbg_update( ctx, data, data_len );
}
/*
* Simplified HMAC_DRBG random function
*/
static int hmac_drbg_random( void *state,
unsigned char *output, size_t out_len )
{
hmac_drbg_context *ctx = (hmac_drbg_context *) state;
size_t md_len = ctx->md_ctx.md_info->size;
size_t left = out_len;
unsigned char *out = output;
while( left != 0 )
{
size_t use_len = left > md_len ? md_len : left;
md_hmac_starts( &ctx->md_ctx, ctx->K, md_len );
md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
md_hmac_finish( &ctx->md_ctx, ctx->V );
memcpy( out, ctx->V, use_len );
out += use_len;
left -= use_len;
}
hmac_drbg_update( ctx, NULL, 0 );
return( 0 );
}
static void hmac_drbg_free( hmac_drbg_context *ctx )
{
if( ctx == NULL )
return;
md_free_ctx( &ctx->md_ctx );
memset( ctx, 0, sizeof( hmac_drbg_context ) );
}
#include "polarssl/hmac_drbg.h"
#endif
#if defined(POLARSSL_ECDSA_DETERMINISTIC)
/*
* This a hopefully temporary compatibility function.
*
@ -140,7 +53,7 @@ static void hmac_drbg_free( hmac_drbg_context *ctx )
*
* Argument is the minimum size in bytes of the MD output.
*/
static const md_info_t *md_info_by_size( int min_size )
static const md_info_t *md_info_by_size( size_t min_size )
{
const md_info_t *md_cur, *md_picked = NULL;
const int *md_alg;
@ -148,7 +61,7 @@ static const md_info_t *md_info_by_size( int min_size )
for( md_alg = md_list(); *md_alg != 0; md_alg++ )
{
if( ( md_cur = md_info_from_type( *md_alg ) ) == NULL ||
md_cur->size < min_size ||
(size_t) md_cur->size < min_size ||
( md_picked != NULL && md_cur->size > md_picked->size ) )
continue;
@ -157,7 +70,7 @@ static const md_info_t *md_info_by_size( int min_size )
return( md_picked );
}
#endif
#endif /* POLARSSL_ECDSA_DETERMINISTIC */
/*
* Derive a suitable integer for group grp from a buffer of length len
@ -167,7 +80,7 @@ static int derive_mpi( const ecp_group *grp, mpi *x,
const unsigned char *buf, size_t blen )
{
int ret;
size_t n_size = (grp->nbits + 7) / 8;
size_t n_size = ( grp->nbits + 7 ) / 8;
size_t use_size = blen > n_size ? n_size : blen;
MPI_CHK( mpi_read_binary( x, buf, use_size ) );
@ -190,17 +103,16 @@ int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s,
const mpi *d, const unsigned char *buf, size_t blen,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret, key_tries, sign_tries;
int ret, key_tries, sign_tries, blind_tries;
ecp_point R;
mpi k, e;
mpi k, e, t;
/* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
if( grp->N.p == NULL )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
ecp_point_init( &R );
mpi_init( &k );
mpi_init( &e );
mpi_init( &k ); mpi_init( &e ); mpi_init( &t );
sign_tries = 0;
do
@ -229,10 +141,30 @@ int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s,
MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
/*
* Step 6: compute s = (e + r * d) / k mod n
* Generate a random value to blind inv_mod in next step,
* avoiding a potential timing leak.
*/
blind_tries = 0;
do
{
size_t n_size = ( grp->nbits + 7 ) / 8;
MPI_CHK( mpi_fill_random( &t, n_size, f_rng, p_rng ) );
MPI_CHK( mpi_shift_r( &t, 8 * n_size - grp->nbits ) );
/* See ecp_gen_keypair() */
if( ++blind_tries > 30 )
return( POLARSSL_ERR_ECP_RANDOM_FAILED );
}
while( mpi_cmp_int( &t, 1 ) < 0 ||
mpi_cmp_mpi( &t, &grp->N ) >= 0 );
/*
* Step 6: compute s = (e + r * d) / k = t (e + rd) / (kt) mod n
*/
MPI_CHK( mpi_mul_mpi( s, r, d ) );
MPI_CHK( mpi_add_mpi( &e, &e, s ) );
MPI_CHK( mpi_mul_mpi( &e, &e, &t ) );
MPI_CHK( mpi_mul_mpi( &k, &k, &t ) );
MPI_CHK( mpi_inv_mod( s, &k, &grp->N ) );
MPI_CHK( mpi_mul_mpi( s, s, &e ) );
MPI_CHK( mpi_mod_mpi( s, s, &grp->N ) );
@ -247,8 +179,7 @@ int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s,
cleanup:
ecp_point_free( &R );
mpi_free( &k );
mpi_free( &e );
mpi_free( &k ); mpi_free( &e ); mpi_free( &t );
return( ret );
}
@ -284,7 +215,7 @@ int ecdsa_sign_det( ecp_group *grp, mpi *r, mpi *s,
MPI_CHK( mpi_write_binary( d, data, grp_len ) );
MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
MPI_CHK( mpi_write_binary( &h, data + grp_len, grp_len ) );
hmac_drbg_init( &rng_ctx, md_info, data, 2 * grp_len );
hmac_drbg_init_buf( &rng_ctx, md_info, data, 2 * grp_len );
ret = ecdsa_sign( grp, r, s, d, buf, blen,
hmac_drbg_random, &rng_ctx );
@ -495,11 +426,14 @@ int ecdsa_read_signature( ecdsa_context *ctx,
( ret = asn1_get_mpi( &p, end, &ctx->s ) ) != 0 )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA + ret );
if( p != end )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
if( ( ret = ecdsa_verify( &ctx->grp, hash, hlen,
&ctx->Q, &ctx->r, &ctx->s ) ) != 0 )
return( ret );
return( ecdsa_verify( &ctx->grp, hash, hlen, &ctx->Q, &ctx->r, &ctx->s ) );
if( p != end )
return( POLARSSL_ERR_ECP_SIG_LEN_MISMATCH );
return( 0 );
}
/*
@ -564,6 +498,6 @@ int ecdsa_self_test( int verbose )
return( 0 );
}
#endif
#endif /* POLARSSL_SELF_TEST */
#endif /* defined(POLARSSL_ECDSA_C) */
#endif /* POLARSSL_ECDSA_C */
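Review bot: In the new blinding loop of ecdsa_sign (`@ -229,10 +141,30`), `if( ++blind_tries > 30 ) return( POLARSSL_ERR_ECP_RANDOM_FAILED );` returns straight out of the function, bypassing the `cleanup:` label where R, k, e and t are freed, so a failing RNG leaks those mpis, including k, which at that point already holds the per-signature nonce. Every other error in the function goes through MPI_CHK to cleanup, so this should read `{ ret = POLARSSL_ERR_ECP_RANDOM_FAILED; goto cleanup; }`. The `/* See ecp_gen_keypair() */` reference copies the same direct return from that function, which also has a cleanup label and deserves the same treatment. The surrounding do/while loop and the earlier signature steps start outside this hunk.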


@ -1,7 +1,7 @@
/*
* Elliptic curves over GF(p): generic functions
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -44,15 +44,20 @@
* <http://eprint.iacr.org/2004/342.pdf>
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_ECP_C)
#include "polarssl/ecp.h"
#if defined(POLARSSL_MEMORY_C)
#include "polarssl/memory.h"
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#define polarssl_malloc malloc
#define polarssl_free free
#endif
@ -72,6 +77,11 @@
#endif /* __ARMCC_VERSION */
#endif /*_MSC_VER */
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#if defined(POLARSSL_SELF_TEST)
/*
* Counts of point addition and doubling, and field multiplications.
@ -87,7 +97,10 @@ static unsigned long add_count, dbl_count, mul_count;
defined(POLARSSL_ECP_DP_SECP521R1_ENABLED) || \
defined(POLARSSL_ECP_DP_BP256R1_ENABLED) || \
defined(POLARSSL_ECP_DP_BP384R1_ENABLED) || \
defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
defined(POLARSSL_ECP_DP_BP512R1_ENABLED) || \
defined(POLARSSL_ECP_DP_SECP192K1_ENABLED) || \
defined(POLARSSL_ECP_DP_SECP224K1_ENABLED) || \
defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
#define POLARSSL_ECP_SHORT_WEIERSTRASS
#endif
@ -114,55 +127,89 @@ typedef enum
* - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2)
* - size in bits
* - readable name
*
* Curves are listed in order: largest curves first, and for a given size,
* fastest curves first. This provides the default order for the SSL module.
*/
static const ecp_curve_info ecp_supported_curves[] =
{
#if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
{ POLARSSL_ECP_DP_BP512R1, 28, 512, "brainpoolP512r1" },
#endif
#if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
{ POLARSSL_ECP_DP_BP384R1, 27, 384, "brainpoolP384r1" },
#endif
#if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
{ POLARSSL_ECP_DP_BP256R1, 26, 256, "brainpoolP256r1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
{ POLARSSL_ECP_DP_SECP521R1, 25, 521, "secp521r1" },
#endif
#if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
{ POLARSSL_ECP_DP_BP512R1, 28, 512, "brainpoolP512r1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
{ POLARSSL_ECP_DP_SECP384R1, 24, 384, "secp384r1" },
#endif
#if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
{ POLARSSL_ECP_DP_BP384R1, 27, 384, "brainpoolP384r1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
{ POLARSSL_ECP_DP_SECP256R1, 23, 256, "secp256r1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
{ POLARSSL_ECP_DP_SECP224R1, 21, 224, "secp224r1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
{ POLARSSL_ECP_DP_SECP192R1, 19, 192, "secp192r1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
{ POLARSSL_ECP_DP_SECP256K1, 22, 256, "secp256k1" },
#endif
#if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
{ POLARSSL_ECP_DP_BP256R1, 26, 256, "brainpoolP256r1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
{ POLARSSL_ECP_DP_SECP224R1, 21, 224, "secp224r1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP224K1_ENABLED)
{ POLARSSL_ECP_DP_SECP224K1, 20, 224, "secp224k1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
{ POLARSSL_ECP_DP_SECP192R1, 19, 192, "secp192r1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED)
{ POLARSSL_ECP_DP_SECP192K1, 18, 192, "secp192k1" },
#endif
{ POLARSSL_ECP_DP_NONE, 0, 0, NULL },
};
#define ECP_NB_CURVES sizeof( ecp_supported_curves ) / \
sizeof( ecp_supported_curves[0] )
static ecp_group_id ecp_supported_grp_id[ECP_NB_CURVES];
/*
* List of supported curves and associated info
*/
const ecp_curve_info *ecp_curve_list( void )
{
return ecp_supported_curves;
return( ecp_supported_curves );
}
/*
* Get the curve info for the internal identifer
* List of supported curves, group ID only
*/
const ecp_group_id *ecp_grp_id_list( void )
{
static int init_done = 0;
if( ! init_done )
{
size_t i = 0;
const ecp_curve_info *curve_info;
for( curve_info = ecp_curve_list();
curve_info->grp_id != POLARSSL_ECP_DP_NONE;
curve_info++ )
{
ecp_supported_grp_id[i++] = curve_info->grp_id;
}
ecp_supported_grp_id[i] = POLARSSL_ECP_DP_NONE;
init_done = 1;
}
return( ecp_supported_grp_id );
}
/*
* Get the curve info for the internal identifier
*/
const ecp_curve_info *ecp_curve_info_from_grp_id( ecp_group_id grp_id )
{
@ -258,7 +305,7 @@ void ecp_group_init( ecp_group *grp )
*/
void ecp_keypair_init( ecp_keypair *key )
{
if ( key == NULL )
if( key == NULL )
return;
ecp_group_init( &key->grp );
@ -305,7 +352,7 @@ void ecp_group_free( ecp_group *grp )
polarssl_free( grp->T );
}
memset( grp, 0, sizeof( ecp_group ) );
polarssl_zeroize( grp, sizeof( ecp_group ) );
}
/*
@ -313,7 +360,7 @@ void ecp_group_free( ecp_group *grp )
*/
void ecp_keypair_free( ecp_keypair *key )
{
if ( key == NULL )
if( key == NULL )
return;
ecp_group_free( &key->grp );
@ -443,16 +490,28 @@ cleanup:
* Import a point from unsigned binary data (SEC1 2.3.4)
*/
int ecp_point_read_binary( const ecp_group *grp, ecp_point *pt,
const unsigned char *buf, size_t ilen ) {
const unsigned char *buf, size_t ilen )
{
int ret;
size_t plen;
if( ilen == 1 && buf[0] == 0x00 )
if ( ilen < 1 )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
if( buf[0] == 0x00 )
{
if( ilen == 1 )
return( ecp_set_zero( pt ) );
else
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
}
plen = mpi_size( &grp->P );
if( ilen != 2 * plen + 1 || buf[0] != 0x04 )
if( buf[0] != 0x04 )
return( POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE );
if( ilen != 2 * plen + 1 )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
MPI_CHK( mpi_read_binary( &pt->X, buf + 1, plen ) );
@ -476,7 +535,7 @@ int ecp_tls_read_point( const ecp_group *grp, ecp_point *pt,
const unsigned char *buf_start;
/*
* We must have at least two bytes (1 for length, at least of for data)
* We must have at least two bytes (1 for length, at least one for data)
*/
if( buf_len < 2 )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
@ -522,7 +581,7 @@ int ecp_tls_write_point( const ecp_group *grp, const ecp_point *pt,
buf[0] = (unsigned char) *olen;
++*olen;
return 0;
return( 0 );
}
/*
@ -611,7 +670,7 @@ int ecp_tls_write_group( const ecp_group *grp, size_t *olen,
buf[0] = curve_info->tls_id >> 8;
buf[1] = curve_info->tls_id & 0xFF;
return 0;
return( 0 );
}
/*
@ -1070,7 +1129,7 @@ static int ecp_randomize_jac( const ecp_group *grp, ecp_point *pt,
{
int ret;
mpi l, ll;
size_t p_size = (grp->pbits + 7) / 8;
size_t p_size = ( grp->pbits + 7 ) / 8;
int count = 0;
mpi_init( &l ); mpi_init( &ll );
@ -1081,7 +1140,7 @@ static int ecp_randomize_jac( const ecp_group *grp, ecp_point *pt,
mpi_fill_random( &l, p_size, f_rng, p_rng );
while( mpi_cmp_mpi( &l, &grp->P ) >= 0 )
mpi_shift_r( &l, 1 );
MPI_CHK( mpi_shift_r( &l, 1 ) );
if( count++ > 10 )
return( POLARSSL_ERR_ECP_RANDOM_FAILED );
@ -1194,7 +1253,7 @@ static int ecp_precompute_comb( const ecp_group *grp,
MPI_CHK( ecp_copy( &T[0], P ) );
k = 0;
for( i = 1; i < ( 1U << (w-1) ); i <<= 1 )
for( i = 1; i < ( 1U << ( w - 1 ) ); i <<= 1 )
{
cur = T + i;
MPI_CHK( ecp_copy( cur, T + ( i >> 1 ) ) );
@ -1211,7 +1270,7 @@ static int ecp_precompute_comb( const ecp_group *grp,
* Be careful to update T[2^l] only after using it!
*/
k = 0;
for( i = 1; i < ( 1U << (w-1) ); i <<= 1 )
for( i = 1; i < ( 1U << ( w - 1 ) ); i <<= 1 )
{
j = i;
while( j-- )
@ -1455,7 +1514,7 @@ static int ecp_randomize_mxz( const ecp_group *grp, ecp_point *P,
{
int ret;
mpi l;
size_t p_size = (grp->pbits + 7) / 8;
size_t p_size = ( grp->pbits + 7 ) / 8;
int count = 0;
mpi_init( &l );
@ -1466,7 +1525,7 @@ static int ecp_randomize_mxz( const ecp_group *grp, ecp_point *P,
mpi_fill_random( &l, p_size, f_rng, p_rng );
while( mpi_cmp_mpi( &l, &grp->P ) >= 0 )
mpi_shift_r( &l, 1 );
MPI_CHK( mpi_shift_r( &l, 1 ) );
if( count++ > 10 )
return( POLARSSL_ERR_ECP_RANDOM_FAILED );
@ -1554,7 +1613,7 @@ static int ecp_mul_mxz( ecp_group *grp, ecp_point *R,
ecp_point_init( &RP ); mpi_init( &PX );
/* Save PX and read from P before writing to R, in case P == R */
mpi_copy( &PX, &P->X );
MPI_CHK( mpi_copy( &PX, &P->X ) );
MPI_CHK( ecp_copy( &RP, P ) );
/* Set R to zero in modified x/z coordinates */
@ -1728,7 +1787,7 @@ int ecp_check_privkey( const ecp_group *grp, const mpi *d )
else
return( 0 );
}
#endif
#endif /* POLARSSL_ECP_MONTGOMERY */
#if defined(POLARSSL_ECP_SHORT_WEIERSTRASS)
if( ecp_get_type( grp ) == POLARSSL_ECP_TYPE_SHORT_WEIERSTRASS )
{
@ -1739,7 +1798,7 @@ int ecp_check_privkey( const ecp_group *grp, const mpi *d )
else
return( 0 );
}
#endif
#endif /* POLARSSL_ECP_SHORT_WEIERSTRASS */
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
}
@ -1752,7 +1811,7 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
void *p_rng )
{
int ret;
size_t n_size = (grp->nbits + 7) / 8;
size_t n_size = ( grp->nbits + 7 ) / 8;
#if defined(POLARSSL_ECP_MONTGOMERY)
if( ecp_get_type( grp ) == POLARSSL_ECP_TYPE_MONTGOMERY )
@ -1775,7 +1834,7 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
MPI_CHK( mpi_set_bit( d, 2, 0 ) );
}
else
#endif
#endif /* POLARSSL_ECP_MONTGOMERY */
#if defined(POLARSSL_ECP_SHORT_WEIERSTRASS)
if( ecp_get_type( grp ) == POLARSSL_ECP_TYPE_SHORT_WEIERSTRASS )
{
@ -1796,14 +1855,23 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
MPI_CHK( mpi_read_binary( d, rnd, n_size ) );
MPI_CHK( mpi_shift_r( d, 8 * n_size - grp->nbits ) );
if( count++ > 10 )
/*
* Each try has at worst a probability 1/2 of failing (the msb has
* a probability 1/2 of being 0, and then the result will be < N),
* so after 30 tries failure probability is a most 2**(-30).
*
* For most curves, 1 try is enough with overwhelming probability,
* since N starts with a lot of 1s in binary, but some curves
* such as secp224k1 are actually very close to the worst case.
*/
if( ++count > 30 )
return( POLARSSL_ERR_ECP_RANDOM_FAILED );
}
while( mpi_cmp_int( d, 1 ) < 0 ||
mpi_cmp_mpi( d, &grp->N ) >= 0 );
}
else
#endif
#endif /* POLARSSL_ECP_SHORT_WEIERSTRASS */
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
cleanup:
@ -1864,7 +1932,7 @@ int ecp_self_test( int verbose )
#endif
if( verbose != 0 )
printf( " ECP test #1 (constant op_count, base point G): " );
polarssl_printf( " ECP test #1 (constant op_count, base point G): " );
/* Do a dummy multiplication first to trigger precomputation */
MPI_CHK( mpi_lset( &m, 2 ) );
@ -1893,7 +1961,7 @@ int ecp_self_test( int verbose )
mul_count != mul_c_prev )
{
if( verbose != 0 )
printf( "failed (%u)\n", (unsigned int) i );
polarssl_printf( "failed (%u)\n", (unsigned int) i );
ret = 1;
goto cleanup;
@ -1901,10 +1969,10 @@ int ecp_self_test( int verbose )
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
if( verbose != 0 )
printf( " ECP test #2 (constant op_count, other point): " );
polarssl_printf( " ECP test #2 (constant op_count, other point): " );
/* We computed P = 2G last time, use it */
add_count = 0;
@ -1930,7 +1998,7 @@ int ecp_self_test( int verbose )
mul_count != mul_c_prev )
{
if( verbose != 0 )
printf( "failed (%u)\n", (unsigned int) i );
polarssl_printf( "failed (%u)\n", (unsigned int) i );
ret = 1;
goto cleanup;
@ -1938,12 +2006,12 @@ int ecp_self_test( int verbose )
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
cleanup:
if( ret < 0 && verbose != 0 )
printf( "Unexpected error, return code = %08X\n", ret );
polarssl_printf( "Unexpected error, return code = %08X\n", ret );
ecp_group_free( &grp );
ecp_point_free( &R );
@ -1951,11 +2019,11 @@ cleanup:
mpi_free( &m );
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
return( ret );
}
#endif
#endif /* POLARSSL_SELF_TEST */
#endif
#endif /* POLARSSL_ECP_C */


@ -1,7 +1,7 @@
/*
* Elliptic curves over GF(p): curve-specific data and functions
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -23,7 +23,11 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_ECP_C)
@ -112,27 +116,27 @@
* Domain parameters for secp192r1
*/
#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
static t_uint secp192r1_p[] = {
static const t_uint secp192r1_p[] = {
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
static t_uint secp192r1_b[] = {
static const t_uint secp192r1_b[] = {
BYTES_TO_T_UINT_8( 0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE ),
BYTES_TO_T_UINT_8( 0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F ),
BYTES_TO_T_UINT_8( 0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64 ),
};
static t_uint secp192r1_gx[] = {
static const t_uint secp192r1_gx[] = {
BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ),
BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ),
BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ),
};
static t_uint secp192r1_gy[] = {
static const t_uint secp192r1_gy[] = {
BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ),
BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ),
BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ),
};
static t_uint secp192r1_n[] = {
static const t_uint secp192r1_n[] = {
BYTES_TO_T_UINT_8( 0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14 ),
BYTES_TO_T_UINT_8( 0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
@ -143,31 +147,31 @@ static t_uint secp192r1_n[] = {
* Domain parameters for secp224r1
*/
#if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
static t_uint secp224r1_p[] = {
static const t_uint secp224r1_p[] = {
BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
};
static t_uint secp224r1_b[] = {
static const t_uint secp224r1_b[] = {
BYTES_TO_T_UINT_8( 0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27 ),
BYTES_TO_T_UINT_8( 0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50 ),
BYTES_TO_T_UINT_8( 0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C ),
BYTES_TO_T_UINT_4( 0x85, 0x0A, 0x05, 0xB4 ),
};
static t_uint secp224r1_gx[] = {
static const t_uint secp224r1_gx[] = {
BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ),
BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ),
BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ),
BYTES_TO_T_UINT_4( 0xBD, 0x0C, 0x0E, 0xB7 ),
};
static t_uint secp224r1_gy[] = {
static const t_uint secp224r1_gy[] = {
BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ),
BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ),
BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ),
BYTES_TO_T_UINT_4( 0x88, 0x63, 0x37, 0xBD ),
};
static t_uint secp224r1_n[] = {
static const t_uint secp224r1_n[] = {
BYTES_TO_T_UINT_8( 0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13 ),
BYTES_TO_T_UINT_8( 0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
@ -179,31 +183,31 @@ static t_uint secp224r1_n[] = {
* Domain parameters for secp256r1
*/
#if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
static t_uint secp256r1_p[] = {
static const t_uint secp256r1_p[] = {
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
};
static t_uint secp256r1_b[] = {
static const t_uint secp256r1_b[] = {
BYTES_TO_T_UINT_8( 0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B ),
BYTES_TO_T_UINT_8( 0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65 ),
BYTES_TO_T_UINT_8( 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3 ),
BYTES_TO_T_UINT_8( 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A ),
};
static t_uint secp256r1_gx[] = {
static const t_uint secp256r1_gx[] = {
BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ),
BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ),
BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ),
BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ),
};
static t_uint secp256r1_gy[] = {
static const t_uint secp256r1_gy[] = {
BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ),
BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ),
BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ),
BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ),
};
static t_uint secp256r1_n[] = {
static const t_uint secp256r1_n[] = {
BYTES_TO_T_UINT_8( 0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3 ),
BYTES_TO_T_UINT_8( 0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
@ -215,7 +219,7 @@ static t_uint secp256r1_n[] = {
* Domain parameters for secp384r1
*/
#if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
static t_uint secp384r1_p[] = {
static const t_uint secp384r1_p[] = {
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
@ -223,7 +227,7 @@ static t_uint secp384r1_p[] = {
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
static t_uint secp384r1_b[] = {
static const t_uint secp384r1_b[] = {
BYTES_TO_T_UINT_8( 0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A ),
BYTES_TO_T_UINT_8( 0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6 ),
BYTES_TO_T_UINT_8( 0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03 ),
@ -231,7 +235,7 @@ static t_uint secp384r1_b[] = {
BYTES_TO_T_UINT_8( 0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98 ),
BYTES_TO_T_UINT_8( 0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3 ),
};
static t_uint secp384r1_gx[] = {
static const t_uint secp384r1_gx[] = {
BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ),
BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ),
BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ),
@ -239,7 +243,7 @@ static t_uint secp384r1_gx[] = {
BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ),
BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ),
};
static t_uint secp384r1_gy[] = {
static const t_uint secp384r1_gy[] = {
BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ),
BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ),
BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ),
@ -247,7 +251,7 @@ static t_uint secp384r1_gy[] = {
BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ),
BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ),
};
static t_uint secp384r1_n[] = {
static const t_uint secp384r1_n[] = {
BYTES_TO_T_UINT_8( 0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC ),
BYTES_TO_T_UINT_8( 0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58 ),
BYTES_TO_T_UINT_8( 0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7 ),
@ -261,7 +265,7 @@ static t_uint secp384r1_n[] = {
* Domain parameters for secp521r1
*/
#if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
static t_uint secp521r1_p[] = {
static const t_uint secp521r1_p[] = {
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
@ -272,7 +276,7 @@ static t_uint secp521r1_p[] = {
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
};
static t_uint secp521r1_b[] = {
static const t_uint secp521r1_b[] = {
BYTES_TO_T_UINT_8( 0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF ),
BYTES_TO_T_UINT_8( 0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35 ),
BYTES_TO_T_UINT_8( 0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16 ),
@ -283,7 +287,7 @@ static t_uint secp521r1_b[] = {
BYTES_TO_T_UINT_8( 0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95 ),
BYTES_TO_T_UINT_2( 0x51, 0x00 ),
};
static t_uint secp521r1_gx[] = {
static const t_uint secp521r1_gx[] = {
BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ),
BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ),
BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ),
@ -294,7 +298,7 @@ static t_uint secp521r1_gx[] = {
BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ),
BYTES_TO_T_UINT_2( 0xC6, 0x00 ),
};
static t_uint secp521r1_gy[] = {
static const t_uint secp521r1_gy[] = {
BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ),
BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ),
BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ),
@ -305,7 +309,7 @@ static t_uint secp521r1_gy[] = {
BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ),
BYTES_TO_T_UINT_2( 0x18, 0x01 ),
};
static t_uint secp521r1_n[] = {
static const t_uint secp521r1_n[] = {
BYTES_TO_T_UINT_8( 0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB ),
BYTES_TO_T_UINT_8( 0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B ),
BYTES_TO_T_UINT_8( 0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F ),
@ -319,28 +323,28 @@ static t_uint secp521r1_n[] = {
#endif /* POLARSSL_ECP_DP_SECP521R1_ENABLED */
#if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED)
static t_uint secp192k1_p[] = {
static const t_uint secp192k1_p[] = {
BYTES_TO_T_UINT_8( 0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
static t_uint secp192k1_a[] = {
static const t_uint secp192k1_a[] = {
BYTES_TO_T_UINT_2( 0x00, 0x00 ),
};
static t_uint secp192k1_b[] = {
static const t_uint secp192k1_b[] = {
BYTES_TO_T_UINT_2( 0x03, 0x00 ),
};
static t_uint secp192k1_gx[] = {
static const t_uint secp192k1_gx[] = {
BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ),
BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ),
BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ),
};
static t_uint secp192k1_gy[] = {
static const t_uint secp192k1_gy[] = {
BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ),
BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ),
BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ),
};
static t_uint secp192k1_n[] = {
static const t_uint secp192k1_n[] = {
BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F ),
BYTES_TO_T_UINT_8( 0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
@ -348,31 +352,31 @@ static t_uint secp192k1_n[] = {
#endif /* POLARSSL_ECP_DP_SECP192K1_ENABLED */
#if defined(POLARSSL_ECP_DP_SECP224K1_ENABLED)
static t_uint secp224k1_p[] = {
static const t_uint secp224k1_p[] = {
BYTES_TO_T_UINT_8( 0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
};
static t_uint secp224k1_a[] = {
static const t_uint secp224k1_a[] = {
BYTES_TO_T_UINT_2( 0x00, 0x00 ),
};
static t_uint secp224k1_b[] = {
static const t_uint secp224k1_b[] = {
BYTES_TO_T_UINT_2( 0x05, 0x00 ),
};
static t_uint secp224k1_gx[] = {
static const t_uint secp224k1_gx[] = {
BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ),
BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ),
BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ),
BYTES_TO_T_UINT_4( 0x33, 0x5B, 0x45, 0xA1 ),
};
static t_uint secp224k1_gy[] = {
static const t_uint secp224k1_gy[] = {
BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ),
BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ),
BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ),
BYTES_TO_T_UINT_4( 0xED, 0x9F, 0x08, 0x7E ),
};
static t_uint secp224k1_n[] = {
static const t_uint secp224k1_n[] = {
BYTES_TO_T_UINT_8( 0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA ),
BYTES_TO_T_UINT_8( 0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00 ),
BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
@ -381,31 +385,31 @@ static t_uint secp224k1_n[] = {
#endif /* POLARSSL_ECP_DP_SECP224K1_ENABLED */
#if defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
static t_uint secp256k1_p[] = {
static const t_uint secp256k1_p[] = {
BYTES_TO_T_UINT_8( 0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
static t_uint secp256k1_a[] = {
static const t_uint secp256k1_a[] = {
BYTES_TO_T_UINT_2( 0x00, 0x00 ),
};
static t_uint secp256k1_b[] = {
static const t_uint secp256k1_b[] = {
BYTES_TO_T_UINT_2( 0x07, 0x00 ),
};
static t_uint secp256k1_gx[] = {
static const t_uint secp256k1_gx[] = {
BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ),
BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ),
BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ),
BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ),
};
static t_uint secp256k1_gy[] = {
static const t_uint secp256k1_gy[] = {
BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ),
BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ),
BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ),
BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ),
};
static t_uint secp256k1_n[] = {
static const t_uint secp256k1_n[] = {
BYTES_TO_T_UINT_8( 0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF ),
BYTES_TO_T_UINT_8( 0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA ),
BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
@ -417,37 +421,37 @@ static t_uint secp256k1_n[] = {
* Domain parameters for brainpoolP256r1 (RFC 5639 3.4)
*/
#if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
static t_uint brainpoolP256r1_p[] = {
static const t_uint brainpoolP256r1_p[] = {
BYTES_TO_T_UINT_8( 0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20 ),
BYTES_TO_T_UINT_8( 0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E ),
BYTES_TO_T_UINT_8( 0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
};
static t_uint brainpoolP256r1_a[] = {
static const t_uint brainpoolP256r1_a[] = {
BYTES_TO_T_UINT_8( 0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9 ),
BYTES_TO_T_UINT_8( 0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB ),
BYTES_TO_T_UINT_8( 0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE ),
BYTES_TO_T_UINT_8( 0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D ),
};
static t_uint brainpoolP256r1_b[] = {
static const t_uint brainpoolP256r1_b[] = {
BYTES_TO_T_UINT_8( 0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B ),
BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95 ),
BYTES_TO_T_UINT_8( 0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3 ),
BYTES_TO_T_UINT_8( 0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26 ),
};
static t_uint brainpoolP256r1_gx[] = {
static const t_uint brainpoolP256r1_gx[] = {
BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ),
BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ),
BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ),
BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ),
};
static t_uint brainpoolP256r1_gy[] = {
static const t_uint brainpoolP256r1_gy[] = {
BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ),
BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ),
BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ),
BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ),
};
static t_uint brainpoolP256r1_n[] = {
static const t_uint brainpoolP256r1_n[] = {
BYTES_TO_T_UINT_8( 0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90 ),
BYTES_TO_T_UINT_8( 0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C ),
BYTES_TO_T_UINT_8( 0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
@ -459,7 +463,7 @@ static t_uint brainpoolP256r1_n[] = {
* Domain parameters for brainpoolP384r1 (RFC 5639 3.6)
*/
#if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
static t_uint brainpoolP384r1_p[] = {
static const t_uint brainpoolP384r1_p[] = {
BYTES_TO_T_UINT_8( 0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87 ),
BYTES_TO_T_UINT_8( 0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC ),
BYTES_TO_T_UINT_8( 0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12 ),
@ -467,7 +471,7 @@ static t_uint brainpoolP384r1_p[] = {
BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
};
static t_uint brainpoolP384r1_a[] = {
static const t_uint brainpoolP384r1_a[] = {
BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
BYTES_TO_T_UINT_8( 0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A ),
BYTES_TO_T_UINT_8( 0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13 ),
@ -475,7 +479,7 @@ static t_uint brainpoolP384r1_a[] = {
BYTES_TO_T_UINT_8( 0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C ),
BYTES_TO_T_UINT_8( 0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B ),
};
static t_uint brainpoolP384r1_b[] = {
static const t_uint brainpoolP384r1_b[] = {
BYTES_TO_T_UINT_8( 0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A ),
BYTES_TO_T_UINT_8( 0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C ),
BYTES_TO_T_UINT_8( 0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E ),
@ -483,7 +487,7 @@ static t_uint brainpoolP384r1_b[] = {
BYTES_TO_T_UINT_8( 0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B ),
BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
};
static t_uint brainpoolP384r1_gx[] = {
static const t_uint brainpoolP384r1_gx[] = {
BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ),
BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ),
BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ),
@ -491,7 +495,7 @@ static t_uint brainpoolP384r1_gx[] = {
BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ),
BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ),
};
static t_uint brainpoolP384r1_gy[] = {
static const t_uint brainpoolP384r1_gy[] = {
BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ),
BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ),
BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ),
@ -499,7 +503,7 @@ static t_uint brainpoolP384r1_gy[] = {
BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ),
BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ),
};
static t_uint brainpoolP384r1_n[] = {
static const t_uint brainpoolP384r1_n[] = {
BYTES_TO_T_UINT_8( 0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B ),
BYTES_TO_T_UINT_8( 0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF ),
BYTES_TO_T_UINT_8( 0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F ),
@ -513,7 +517,7 @@ static t_uint brainpoolP384r1_n[] = {
* Domain parameters for brainpoolP512r1 (RFC 5639 3.7)
*/
#if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
static t_uint brainpoolP512r1_p[] = {
static const t_uint brainpoolP512r1_p[] = {
BYTES_TO_T_UINT_8( 0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28 ),
BYTES_TO_T_UINT_8( 0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28 ),
BYTES_TO_T_UINT_8( 0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE ),
@ -523,7 +527,7 @@ static t_uint brainpoolP512r1_p[] = {
BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
};
static t_uint brainpoolP512r1_a[] = {
static const t_uint brainpoolP512r1_a[] = {
BYTES_TO_T_UINT_8( 0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7 ),
BYTES_TO_T_UINT_8( 0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F ),
BYTES_TO_T_UINT_8( 0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A ),
@ -533,7 +537,7 @@ static t_uint brainpoolP512r1_a[] = {
BYTES_TO_T_UINT_8( 0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2 ),
BYTES_TO_T_UINT_8( 0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78 ),
};
static t_uint brainpoolP512r1_b[] = {
static const t_uint brainpoolP512r1_b[] = {
BYTES_TO_T_UINT_8( 0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28 ),
BYTES_TO_T_UINT_8( 0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98 ),
BYTES_TO_T_UINT_8( 0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77 ),
@ -543,7 +547,7 @@ static t_uint brainpoolP512r1_b[] = {
BYTES_TO_T_UINT_8( 0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA ),
BYTES_TO_T_UINT_8( 0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D ),
};
static t_uint brainpoolP512r1_gx[] = {
static const t_uint brainpoolP512r1_gx[] = {
BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ),
BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ),
BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ),
@ -553,7 +557,7 @@ static t_uint brainpoolP512r1_gx[] = {
BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ),
BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ),
};
static t_uint brainpoolP512r1_gy[] = {
static const t_uint brainpoolP512r1_gy[] = {
BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ),
BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ),
BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ),
@ -563,7 +567,7 @@ static t_uint brainpoolP512r1_gy[] = {
BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ),
BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ),
};
static t_uint brainpoolP512r1_n[] = {
static const t_uint brainpoolP512r1_n[] = {
BYTES_TO_T_UINT_8( 0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5 ),
BYTES_TO_T_UINT_8( 0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D ),
BYTES_TO_T_UINT_8( 0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41 ),
@ -1233,7 +1237,7 @@ static int ecp_mod_p255( mpi *N )
M.n++; /* Make room for multiplication by 19 */
/* N = A0 */
mpi_set_bit( N, 255, 0 );
MPI_CHK( mpi_set_bit( N, 255, 0 ) );
for( i = P255_WIDTH; i < N->n; i++ )
N->p[i] = 0;
@ -1284,12 +1288,12 @@ static inline int ecp_mod_koblitz( mpi *N, t_uint *Rp, size_t p_limbs,
M.n = p_limbs + adjust;
memset( Mp, 0, sizeof Mp );
memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) );
if (shift != 0 )
if( shift != 0 )
MPI_CHK( mpi_shift_r( &M, shift ) );
M.n += R.n - adjust; /* Make room for multiplication by R */
/* N = A0 */
if (mask != 0 )
if( mask != 0 )
N->p[p_limbs - 1] &= mask;
for( i = p_limbs; i < N->n; i++ )
N->p[i] = 0;
@ -1306,12 +1310,12 @@ static inline int ecp_mod_koblitz( mpi *N, t_uint *Rp, size_t p_limbs,
M.n = p_limbs + adjust;
memset( Mp, 0, sizeof Mp );
memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) );
if (shift != 0 )
if( shift != 0 )
MPI_CHK( mpi_shift_r( &M, shift ) );
M.n += R.n - adjust; /* Make room for multiplication by R */
/* N = A0 */
if (mask != 0 )
if( mask != 0 )
N->p[p_limbs - 1] &= mask;
for( i = p_limbs; i < N->n; i++ )
N->p[i] = 0;
@ -1373,4 +1377,4 @@ static int ecp_mod_p256k1( mpi *N )
}
#endif /* POLARSSL_ECP_DP_SECP256K1_ENABLED */
#endif
#endif /* POLARSSL_ECP_C */
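Review bot: The curve parameter tables in this section (from `secp192r1_p` at the top of the first hunk onward) now have `static const` storage, which means whatever wraps them in an `mpi` must be casting the `const` away for the non-const limb pointer, and that contract is not written down anywhere the tables are defined. A one-line comment above the first table, `/* Read-only curve constants: only ever wrapped in an mpi for reading; never pass such an mpi to a writing mpi_* call (the data lives in read-only storage). */`, would stop a later change from treating those group members as writable. The loader itself is outside this section, so confirm that it is the only consumer and that no code path modifies an mpi built over these tables.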


@ -1,7 +1,7 @@
/*
* Entropy accumulator implementation
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -23,17 +23,30 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_ENTROPY_C)
#include "polarssl/entropy.h"
#include "polarssl/entropy_poll.h"
#if defined(POLARSSL_FS_IO)
#include <stdio.h>
#endif
#if defined(POLARSSL_HAVEGE_C)
#include "polarssl/havege.h"
#endif
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
void entropy_init( entropy_context *ctx )
@ -70,7 +83,10 @@ void entropy_init( entropy_context *ctx )
void entropy_free( entropy_context *ctx )
{
((void) ctx);
#if defined(POLARSSL_HAVEGE_C)
havege_free( &ctx->havege_data );
#endif
polarssl_zeroize( ctx, sizeof( entropy_context ) );
#if defined(POLARSSL_THREADING_C)
polarssl_mutex_free( &ctx->mutex );
#endif
@ -80,10 +96,19 @@ int entropy_add_source( entropy_context *ctx,
f_source_ptr f_source, void *p_source,
size_t threshold )
{
int index = ctx->source_count;
int index, ret = 0;
#if defined(POLARSSL_THREADING_C)
if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
return( ret );
#endif
index = ctx->source_count;
if( index >= ENTROPY_MAX_SOURCES )
return( POLARSSL_ERR_ENTROPY_MAX_SOURCES );
{
ret = POLARSSL_ERR_ENTROPY_MAX_SOURCES;
goto exit;
}
ctx->source[index].f_source = f_source;
ctx->source[index].p_source = p_source;
@ -91,7 +116,13 @@ int entropy_add_source( entropy_context *ctx,
ctx->source_count++;
return( 0 );
exit:
#if defined(POLARSSL_THREADING_C)
if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
#endif
return( ret );
}
/*
@ -133,13 +164,27 @@ static int entropy_update( entropy_context *ctx, unsigned char source_id,
int entropy_update_manual( entropy_context *ctx,
const unsigned char *data, size_t len )
{
return entropy_update( ctx, ENTROPY_SOURCE_MANUAL, data, len );
int ret;
#if defined(POLARSSL_THREADING_C)
if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
return( ret );
#endif
ret = entropy_update( ctx, ENTROPY_SOURCE_MANUAL, data, len );
#if defined(POLARSSL_THREADING_C)
if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
#endif
return( ret );
}
/*
* Run through the different sources to add entropy to our accumulator
*/
int entropy_gather( entropy_context *ctx )
static int entropy_gather_internal( entropy_context *ctx )
{
int ret, i;
unsigned char buf[ENTROPY_MAX_GATHER];
@ -154,7 +199,7 @@ int entropy_gather( entropy_context *ctx )
for( i = 0; i < ctx->source_count; i++ )
{
olen = 0;
if ( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
buf, ENTROPY_MAX_GATHER, &olen ) ) != 0 )
{
return( ret );
@ -173,6 +218,28 @@ int entropy_gather( entropy_context *ctx )
return( 0 );
}
/*
* Thread-safe wrapper for entropy_gather_internal()
*/
int entropy_gather( entropy_context *ctx )
{
int ret;
#if defined(POLARSSL_THREADING_C)
if( ( ret = polarssl_mutex_lock( &ctx->mutex ) ) != 0 )
return( ret );
#endif
ret = entropy_gather_internal( ctx );
#if defined(POLARSSL_THREADING_C)
if( polarssl_mutex_unlock( &ctx->mutex ) != 0 )
return( POLARSSL_ERR_THREADING_MUTEX_ERROR );
#endif
return( ret );
}
int entropy_func( void *data, unsigned char *output, size_t len )
{
int ret, count = 0, i, reached;
@ -198,7 +265,7 @@ int entropy_func( void *data, unsigned char *output, size_t len )
goto exit;
}
if( ( ret = entropy_gather( ctx ) ) != 0 )
if( ( ret = entropy_gather_internal( ctx ) ) != 0 )
goto exit;
reached = 0;
@ -214,24 +281,19 @@ int entropy_func( void *data, unsigned char *output, size_t len )
#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
sha512_finish( &ctx->accumulator, buf );
/*
* Perform second SHA-512 on entropy
*/
sha512( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
/*
* Reset accumulator and counters and recycle existing entropy
*/
memset( &ctx->accumulator, 0, sizeof( sha512_context ) );
sha512_starts( &ctx->accumulator, 0 );
sha512_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
#else /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
sha256_finish( &ctx->accumulator, buf );
/*
* Perform second SHA-256 on entropy
* Perform second SHA-512 on entropy
*/
sha256( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
sha512( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
#else /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
sha256_finish( &ctx->accumulator, buf );
/*
* Reset accumulator and counters and recycle existing entropy
@ -239,6 +301,11 @@ int entropy_func( void *data, unsigned char *output, size_t len )
memset( &ctx->accumulator, 0, sizeof( sha256_context ) );
sha256_starts( &ctx->accumulator, 0 );
sha256_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
/*
* Perform second SHA-256 on entropy
*/
sha256( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
#endif /* POLARSSL_ENTROPY_SHA512_ACCUMULATOR */
for( i = 0; i < ctx->source_count; i++ )
@ -257,4 +324,154 @@ exit:
return( ret );
}
#if defined(POLARSSL_FS_IO)
int entropy_write_seed_file( entropy_context *ctx, const char *path )
{
int ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
FILE *f;
unsigned char buf[ENTROPY_BLOCK_SIZE];
if( ( f = fopen( path, "wb" ) ) == NULL )
return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
if( ( ret = entropy_func( ctx, buf, ENTROPY_BLOCK_SIZE ) ) != 0 )
goto exit;
if( fwrite( buf, 1, ENTROPY_BLOCK_SIZE, f ) != ENTROPY_BLOCK_SIZE )
{
ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
goto exit;
}
ret = 0;
exit:
fclose( f );
return( ret );
}
int entropy_update_seed_file( entropy_context *ctx, const char *path )
{
FILE *f;
size_t n;
unsigned char buf[ ENTROPY_MAX_SEED_SIZE ];
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
fseek( f, 0, SEEK_END );
n = (size_t) ftell( f );
fseek( f, 0, SEEK_SET );
if( n > ENTROPY_MAX_SEED_SIZE )
n = ENTROPY_MAX_SEED_SIZE;
if( fread( buf, 1, n, f ) != n )
{
fclose( f );
return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
}
fclose( f );
entropy_update_manual( ctx, buf, n );
return( entropy_write_seed_file( ctx, path ) );
}
#endif /* POLARSSL_FS_IO */
#if defined(POLARSSL_SELF_TEST)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#include <stdio.h>
#define polarssl_printf printf
#endif
/*
* Dummy source function
*/
static int entropy_dummy_source( void *data, unsigned char *output,
size_t len, size_t *olen )
{
((void) data);
memset( output, 0x2a, len );
*olen = len;
return( 0 );
}
/*
* The actual entropy quality is hard to test, but we can at least
* test that the functions don't cause errors and write the correct
* amount of data to buffers.
*/
int entropy_self_test( int verbose )
{
int ret = 0;
entropy_context ctx;
unsigned char buf[ENTROPY_BLOCK_SIZE] = { 0 };
unsigned char acc[ENTROPY_BLOCK_SIZE] = { 0 };
size_t i, j;
if( verbose != 0 )
polarssl_printf( " ENTROPY test: " );
entropy_init( &ctx );
ret = entropy_add_source( &ctx, entropy_dummy_source, NULL, 16 );
if( ret != 0 )
goto cleanup;
if( ( ret = entropy_gather( &ctx ) ) != 0 )
goto cleanup;
if( ( ret = entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 )
goto cleanup;
/*
* To test that entropy_func writes correct number of bytes:
* - use the whole buffer and rely on ASan to detect overruns
* - collect entropy 8 times and OR the result in an accumulator:
* any byte should then be 0 with probably 2^(-64), so requiring
* each of the 32 or 64 bytes to be non-zero has a false failure rate
* of at most 2^(-58) which is acceptable.
*/
for( i = 0; i < 8; i++ )
{
if( ( ret = entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 )
goto cleanup;
for( j = 0; j < sizeof( buf ); j++ )
acc[j] |= buf[j];
}
for( j = 0; j < sizeof( buf ); j++ )
{
if( acc[j] == 0 )
{
ret = 1;
goto cleanup;
}
}
cleanup:
entropy_free( &ctx );
if( verbose != 0 )
{
if( ret != 0 )
polarssl_printf( "failed\n" );
else
polarssl_printf( "passed\n" );
polarssl_printf( "\n" );
}
return( ret != 0 );
}
#endif /* POLARSSL_SELF_TEST */
#endif /* POLARSSL_ENTROPY_C */


@ -1,7 +1,7 @@
/*
* Platform-specific and custom entropy polling functions
*
* Copyright (C) 2006-2011, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -23,7 +23,11 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_ENTROPY_C)
@ -56,18 +60,18 @@ int platform_entropy_poll( void *data, unsigned char *output, size_t len,
if( CryptAcquireContext( &provider, NULL, NULL,
PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE )
{
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
}
if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
CryptReleaseContext( provider, 0 );
*olen = len;
return( 0 );
}
#else
#else /* _WIN32 && !EFIX64 && !EFI32 */
#include <stdio.h>
@ -82,13 +86,13 @@ int platform_entropy_poll( void *data,
file = fopen( "/dev/urandom", "rb" );
if( file == NULL )
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
ret = fread( output, 1, len, file );
if( ret != len )
{
fclose( file );
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
}
fclose( file );
@ -96,8 +100,8 @@ int platform_entropy_poll( void *data,
return( 0 );
}
#endif
#endif
#endif /* _WIN32 && !EFIX64 && !EFI32 */
#endif /* !POLARSSL_NO_PLATFORM_ENTROPY */
#if defined(POLARSSL_TIMING_C)
int hardclock_poll( void *data,
@ -115,7 +119,7 @@ int hardclock_poll( void *data,
return( 0 );
}
#endif
#endif /* POLARSSL_TIMING_C */
#if defined(POLARSSL_HAVEGE_C)
int havege_poll( void *data,
@ -125,12 +129,12 @@ int havege_poll( void *data,
*olen = 0;
if( havege_random( hs, output, len ) != 0 )
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
*olen = len;
return( 0 );
}
#endif
#endif /* POLARSSL_HAVEGE_C */
#endif /* POLARSSL_ENTROPY_C */
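Review bot: In the Windows branch of platform_entropy_poll, the failure path after `CryptGenRandom` returns `POLARSSL_ERR_ENTROPY_SOURCE_FAILED` before the `CryptReleaseContext( provider, 0 );` that follows it, so the provider handle acquired by `CryptAcquireContext` is leaked on every failed poll; the commit only re-parenthesises that return. Releasing first, `{ CryptReleaseContext( provider, 0 ); return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED ); }`, would mirror what the /dev/urandom branch already does with `fclose( file )` on its short-read path. platform_entropy_poll starts outside the hunk (only its signature is visible in the hunk header), so whether `*olen` is zeroed before these early returns cannot be confirmed here.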


@ -1,7 +1,7 @@
/*
* Error message information
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -23,12 +23,18 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_ERROR_C) || defined(POLARSSL_ERROR_STRERROR_DUMMY)
#include "polarssl/error.h"
#endif
#if defined(POLARSSL_ERROR_C)
#include "polarssl/error.h"
#if defined(POLARSSL_AES_C)
#include "polarssl/aes.h"
#endif
@ -49,6 +55,10 @@
#include "polarssl/camellia.h"
#endif
#if defined(POLARSSL_CCM_C)
#include "polarssl/ccm.h"
#endif
#if defined(POLARSSL_CIPHER_C)
#include "polarssl/cipher.h"
#endif
@ -77,6 +87,10 @@
#include "polarssl/gcm.h"
#endif
#if defined(POLARSSL_HMAC_DRBG_C)
#include "polarssl/hmac_drbg.h"
#endif
#if defined(POLARSSL_MD_C)
#include "polarssl/md.h"
#endif
@ -125,6 +139,10 @@
#include "polarssl/pkcs5.h"
#endif
#if defined(POLARSSL_RIPEMD160_C)
#include "polarssl/ripemd160.h"
#endif
#if defined(POLARSSL_RSA_C)
#include "polarssl/rsa.h"
#endif
@ -186,6 +204,7 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
// High level error codes
//
// BEGIN generated code
#if defined(POLARSSL_CIPHER_C)
if( use_ret == -(POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE) )
snprintf( buf, buflen, "CIPHER - The selected feature is not available" );
@ -237,6 +256,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "ECP - Generation of random value, such as (ephemeral) key, failed" );
if( use_ret == -(POLARSSL_ERR_ECP_INVALID_KEY) )
snprintf( buf, buflen, "ECP - Invalid private or public key" );
if( use_ret == -(POLARSSL_ERR_ECP_SIG_LEN_MISMATCH) )
snprintf( buf, buflen, "ECP - Signature is valid but shorter than the user-supplied length" );
#endif /* POLARSSL_ECP_C */
#if defined(POLARSSL_MD_C)
@ -298,6 +319,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "PK - Elliptic curve is unsupported (only NIST curves are supported)" );
if( use_ret == -(POLARSSL_ERR_PK_FEATURE_UNAVAILABLE) )
snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" );
if( use_ret == -(POLARSSL_ERR_PK_SIG_LEN_MISMATCH) )
snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" );
#endif /* POLARSSL_PK_C */
#if defined(POLARSSL_PKCS12_C)
@ -422,9 +445,11 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
if( use_ret == -(POLARSSL_ERR_SSL_PK_TYPE_MISMATCH) )
snprintf( buf, buflen, "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" );
if( use_ret == -(POLARSSL_ERR_SSL_UNKNOWN_IDENTITY) )
snprintf( buf, buflen, "SSL - Unkown identity received (eg, PSK identity)" );
snprintf( buf, buflen, "SSL - Unknown identity received (eg, PSK identity)" );
if( use_ret == -(POLARSSL_ERR_SSL_INTERNAL_ERROR) )
snprintf( buf, buflen, "SSL - Internal error (eg, unexpected failure in lower-level module)" );
if( use_ret == -(POLARSSL_ERR_SSL_COUNTER_WRAPPING) )
snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" );
#endif /* POLARSSL_SSL_TLS_C */
#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
@ -465,6 +490,7 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
if( use_ret == -(POLARSSL_ERR_X509_FILE_IO_ERROR) )
snprintf( buf, buflen, "X509 - Read/write of file failed" );
#endif /* POLARSSL_X509_USE,X509_CREATE_C */
// END generated code
if( strlen( buf ) == 0 )
snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );
@ -493,6 +519,7 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
// Low level error codes
//
// BEGIN generated code
#if defined(POLARSSL_AES_C)
if( use_ret == -(POLARSSL_ERR_AES_INVALID_KEY_LENGTH) )
snprintf( buf, buflen, "AES - Invalid key length" );
@ -557,6 +584,13 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "CAMELLIA - Invalid data input length" );
#endif /* POLARSSL_CAMELLIA_C */
#if defined(POLARSSL_CCM_C)
if( use_ret == -(POLARSSL_ERR_CCM_BAD_INPUT) )
snprintf( buf, buflen, "CCM - Bad input parameters to function" );
if( use_ret == -(POLARSSL_ERR_CCM_AUTH_FAILED) )
snprintf( buf, buflen, "CCM - Authenticated decryption failed" );
#endif /* POLARSSL_CCM_C */
#if defined(POLARSSL_CTR_DRBG_C)
if( use_ret == -(POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) )
snprintf( buf, buflen, "CTR_DRBG - The entropy source failed" );
@ -580,6 +614,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "ENTROPY - No more sources can be added" );
if( use_ret == -(POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED) )
snprintf( buf, buflen, "ENTROPY - No sources have been added to poll" );
if( use_ret == -(POLARSSL_ERR_ENTROPY_FILE_IO_ERROR) )
snprintf( buf, buflen, "ENTROPY - Read/write error in file" );
#endif /* POLARSSL_ENTROPY_C */
#if defined(POLARSSL_GCM_C)
@ -589,6 +625,17 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "GCM - Bad input parameters to function" );
#endif /* POLARSSL_GCM_C */
#if defined(POLARSSL_HMAC_DRBG_C)
if( use_ret == -(POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG) )
snprintf( buf, buflen, "HMAC_DRBG - Too many random requested in single call" );
if( use_ret == -(POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG) )
snprintf( buf, buflen, "HMAC_DRBG - Input too large (Entropy + additional)" );
if( use_ret == -(POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR) )
snprintf( buf, buflen, "HMAC_DRBG - Read/write error in file" );
if( use_ret == -(POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED) )
snprintf( buf, buflen, "HMAC_DRBG - The entropy source failed" );
#endif /* POLARSSL_HMAC_DRBG_C */
#if defined(POLARSSL_MD2_C)
if( use_ret == -(POLARSSL_ERR_MD2_FILE_IO_ERROR) )
snprintf( buf, buflen, "MD2 - Read/write error in file" );
@ -632,6 +679,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
#if defined(POLARSSL_OID_C)
if( use_ret == -(POLARSSL_ERR_OID_NOT_FOUND) )
snprintf( buf, buflen, "OID - OID is not found" );
if( use_ret == -(POLARSSL_ERR_OID_BUF_TOO_SMALL) )
snprintf( buf, buflen, "OID - output buffer is too small" );
#endif /* POLARSSL_OID_C */
#if defined(POLARSSL_PADLOCK_C)
@ -644,6 +693,11 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "PBKDF2 - Bad input parameters to function" );
#endif /* POLARSSL_PBKDF2_C */
#if defined(POLARSSL_RIPEMD160_C)
if( use_ret == -(POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR) )
snprintf( buf, buflen, "RIPEMD160 - Read/write error in file" );
#endif /* POLARSSL_RIPEMD160_C */
#if defined(POLARSSL_SHA1_C)
if( use_ret == -(POLARSSL_ERR_SHA1_FILE_IO_ERROR) )
snprintf( buf, buflen, "SHA1 - Read/write error in file" );
@ -672,6 +726,7 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
if( use_ret == -(POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH) )
snprintf( buf, buflen, "XTEA - The data input has an invalid length" );
#endif /* POLARSSL_XTEA_C */
// END generated code
if( strlen( buf ) != 0 )
return;
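Review bot: The fallback `snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", use_ret );` in the high-level section passes an `int` to a `%X` conversion, which expects `unsigned int`; it works in practice on common ABIs but is strictly a format/argument mismatch, and `(unsigned) use_ret` would make it well-defined (use_ret is presumably already a non-negative masked value, but its computation is outside the hunk, as is the start of polarssl_strerror). The new `// BEGIN generated code` / `// END generated code` markers would be more useful if they named the generator, e.g. `// BEGIN generated code (do not edit by hand; regenerate with <generator script>)`, so the hand-applied "Unkown" → "Unknown" fix in this hunk is not silently reverted the next time the table is regenerated.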


@ -1,7 +1,7 @@
/*
* NIST SP800-38D compliant GCM implementation
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -33,7 +33,11 @@
* [MGV] 4.1, pp. 12-13, to enhance speed without using too much memory.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_GCM_C)
@ -43,6 +47,12 @@
#include "polarssl/aesni.h"
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#endif
/*
* 32-bit integer manipulation macros (big endian)
*/
@ -66,6 +76,11 @@
}
#endif
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/*
* Precompute small multiples of H, that is set
* HH[i] || HL[i] = H times i,
@ -119,7 +134,7 @@ static int gcm_gen_table( gcm_context *ctx )
ctx->HH[i] = vh;
}
for (i = 2; i < 16; i <<= 1 )
for( i = 2; i < 16; i <<= 1 )
{
uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i;
vh = *HiH;
@ -142,6 +157,8 @@ int gcm_init( gcm_context *ctx, cipher_id_t cipher, const unsigned char *key,
memset( ctx, 0, sizeof(gcm_context) );
cipher_init( &ctx->cipher_ctx );
cipher_info = cipher_info_from_values( cipher, keysize, POLARSSL_MODE_ECB );
if( cipher_info == NULL )
return( POLARSSL_ERR_GCM_BAD_INPUT );
@ -185,7 +202,6 @@ static void gcm_mult( gcm_context *ctx, const unsigned char x[16],
unsigned char output[16] )
{
int i = 0;
unsigned char z[16];
unsigned char lo, hi, rem;
uint64_t zh, zl;
@ -201,9 +217,7 @@ static void gcm_mult( gcm_context *ctx, const unsigned char x[16],
aesni_gcm_mult( output, x, h );
return;
}
#endif
memset( z, 0x00, 16 );
#endif /* POLARSSL_AESNI_C && POLARSSL_HAVE_X86_64 */
lo = x[15] & 0xf;
hi = x[15] >> 4;
@ -254,6 +268,13 @@ int gcm_starts( gcm_context *ctx,
const unsigned char *p;
size_t use_len, olen = 0;
/* IV and AD are limited to 2^64 bits, so 2^61 bytes */
if( ( (uint64_t) iv_len ) >> 61 != 0 ||
( (uint64_t) add_len ) >> 61 != 0 )
{
return( POLARSSL_ERR_GCM_BAD_INPUT );
}
memset( ctx->y, 0x00, sizeof(ctx->y) );
memset( ctx->buf, 0x00, sizeof(ctx->buf) );
@ -330,6 +351,14 @@ int gcm_update( gcm_context *ctx,
if( output > input && (size_t) ( output - input ) < length )
return( POLARSSL_ERR_GCM_BAD_INPUT );
/* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
* Also check for possible overflow */
if( ctx->len + length < ctx->len ||
(uint64_t) ctx->len + length > 0x03FFFFE0llu )
{
return( POLARSSL_ERR_GCM_BAD_INPUT );
}
ctx->len += length;
p = input;
@ -375,7 +404,7 @@ int gcm_finish( gcm_context *ctx,
uint64_t orig_len = ctx->len * 8;
uint64_t orig_add_len = ctx->add_len * 8;
if( tag_len > 16 )
if( tag_len > 16 || tag_len < 4 )
return( POLARSSL_ERR_GCM_BAD_INPUT );
if( tag_len != 0 )
@ -457,7 +486,7 @@ int gcm_auth_decrypt( gcm_context *ctx,
if( diff != 0 )
{
memset( output, 0, length );
polarssl_zeroize( output, length );
return( POLARSSL_ERR_GCM_AUTH_FAILED );
}
@ -466,8 +495,8 @@ int gcm_auth_decrypt( gcm_context *ctx,
void gcm_free( gcm_context *ctx )
{
(void) cipher_free_ctx( &ctx->cipher_ctx );
memset( ctx, 0, sizeof( gcm_context ) );
cipher_free( &ctx->cipher_ctx );
polarssl_zeroize( ctx, sizeof( gcm_context ) );
}
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
@ -716,7 +745,8 @@ int gcm_self_test( int verbose )
for( i = 0; i < MAX_TESTS; i++ )
{
if( verbose != 0 )
printf( " AES-GCM-%3d #%d (%s): ", key_len, i, "enc" );
polarssl_printf( " AES-GCM-%3d #%d (%s): ",
key_len, i, "enc" );
gcm_init( &ctx, cipher, key[key_index[i]], key_len );
@ -731,7 +761,7 @@ int gcm_self_test( int verbose )
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
@ -739,10 +769,11 @@ int gcm_self_test( int verbose )
gcm_free( &ctx );
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
if( verbose != 0 )
printf( " AES-GCM-%3d #%d (%s): ", key_len, i, "dec" );
polarssl_printf( " AES-GCM-%3d #%d (%s): ",
key_len, i, "dec" );
gcm_init( &ctx, cipher, key[key_index[i]], key_len );
@ -757,7 +788,7 @@ int gcm_self_test( int verbose )
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
@ -765,10 +796,11 @@ int gcm_self_test( int verbose )
gcm_free( &ctx );
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
if( verbose != 0 )
printf( " AES-GCM-%3d #%d split (%s): ", key_len, i, "enc" );
polarssl_printf( " AES-GCM-%3d #%d split (%s): ",
key_len, i, "enc" );
gcm_init( &ctx, cipher, key[key_index[i]], key_len );
@ -778,7 +810,7 @@ int gcm_self_test( int verbose )
if( ret != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
@ -790,16 +822,17 @@ int gcm_self_test( int verbose )
if( ret != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
ret = gcm_update( &ctx, rest_len, pt[pt_index[i]] + 32, buf + 32 );
ret = gcm_update( &ctx, rest_len, pt[pt_index[i]] + 32,
buf + 32 );
if( ret != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
@ -810,7 +843,7 @@ int gcm_self_test( int verbose )
if( ret != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
@ -822,7 +855,7 @@ int gcm_self_test( int verbose )
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
@ -830,10 +863,11 @@ int gcm_self_test( int verbose )
gcm_free( &ctx );
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
if( verbose != 0 )
printf( " AES-GCM-%3d #%d split (%s): ", key_len, i, "dec" );
polarssl_printf( " AES-GCM-%3d #%d split (%s): ",
key_len, i, "dec" );
gcm_init( &ctx, cipher, key[key_index[i]], key_len );
@ -843,7 +877,7 @@ int gcm_self_test( int verbose )
if( ret != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
@ -855,16 +889,17 @@ int gcm_self_test( int verbose )
if( ret != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
ret = gcm_update( &ctx, rest_len, ct[j * 6 + i] + 32, buf + 32 );
ret = gcm_update( &ctx, rest_len, ct[j * 6 + i] + 32,
buf + 32 );
if( ret != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
@ -875,7 +910,7 @@ int gcm_self_test( int verbose )
if( ret != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
@ -887,7 +922,7 @@ int gcm_self_test( int verbose )
memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
@ -895,13 +930,13 @@ int gcm_self_test( int verbose )
gcm_free( &ctx );
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
}
}
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
return( 0 );
}
@ -910,4 +945,4 @@ int gcm_self_test( int verbose )
#endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */
#endif
#endif /* POLARSSL_GCM_C */
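Review bot: The total-length bound added to gcm_update does not match its own comment: the comment states the limit as 2^36 - 2^5 bytes (the GCM limit of 2^39 - 256 bits), but `0x03FFFFE0llu` is 2^26 - 2^5, about 64 MiB, so any message longer than that is now rejected with POLARSSL_ERR_GCM_BAD_INPUT. The check errs on the conservative side (nothing beyond the real limit gets through), but it is a functional regression for large inputs; the constant should be `(uint64_t) ctx->len + length > 0xFFFFFFFE0llu`, and the preceding `ctx->len + length < ctx->len` wrap guard can stay as is. Separately, `polarssl_zeroize` is added as an identical file-local static here, in havege.c and in hmac_drbg.c; keeping the one security-sensitive wipe primitive in a single shared private header would avoid the copies drifting apart.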


@ -1,7 +1,7 @@
/**
* \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -30,7 +30,11 @@
* Contact: seznec(at)irisa_dot_fr - orocheco(at)irisa_dot_fr
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_HAVEGE_C)
@ -39,6 +43,11 @@
#include <string.h>
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/* ------------------------------------------------------------------------
* On average, one iteration accesses two 8-word blocks in the havege WALK
* table, and generates 16 words in the RES array.
@ -145,7 +154,7 @@
*C = (*C >> (15)) ^ (*C << (17)) ^ CLK; \
*D = (*D >> (16)) ^ (*D << (16)) ^ CLK; \
\
PT1 = ( RES[(i - 8) ^ PTX] ^ \
PT1 = ( RES[( i - 8 ) ^ PTX] ^ \
WALK[PT1 ^ PTX ^ 7] ) & (~1); \
PT1 ^= (PT2 ^ 0x10) & 0x10; \
\
@ -196,6 +205,14 @@ void havege_init( havege_state *hs )
havege_fill( hs );
}
void havege_free( havege_state *hs )
{
if( hs == NULL )
return;
polarssl_zeroize( hs, sizeof( havege_state ) );
}
/*
* HAVEGE rand function
*/
@ -227,4 +244,4 @@ int havege_random( void *p_rng, unsigned char *buf, size_t len )
return( 0 );
}
#endif
#endif /* POLARSSL_HAVEGE_C */
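Review bot: The new havege_free is the only function in this section without the block comment its neighbours carry (compare the `/* * HAVEGE rand function */` header before havege_random), and its contract is worth stating since it only wipes the state and does not release `hs`. A header such as `/* * Zeroize the HAVEGE state; hs itself is not released (nothing is heap-allocated here) */` above it would make that explicit for callers.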

502
Externals/polarssl/library/hmac_drbg.c vendored Normal file

@ -0,0 +1,502 @@
/*
* HMAC_DRBG implementation (NIST SP 800-90)
*
* Copyright (C) 2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/*
* The NIST SP 800-90A DRBGs are described in the following publication.
* http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf
* References below are based on rev. 1 (January 2012).
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_HMAC_DRBG_C)
#include "polarssl/hmac_drbg.h"
#if defined(POLARSSL_FS_IO)
#include <stdio.h>
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#endif
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/*
* HMAC_DRBG update, using optional additional data (10.1.2.2)
*/
void hmac_drbg_update( hmac_drbg_context *ctx,
const unsigned char *additional, size_t add_len )
{
size_t md_len = ctx->md_ctx.md_info->size;
unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1;
unsigned char sep[1];
unsigned char K[POLARSSL_MD_MAX_SIZE];
for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
{
/* Step 1 or 4 */
md_hmac_reset( &ctx->md_ctx );
md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
md_hmac_update( &ctx->md_ctx, sep, 1 );
if( rounds == 2 )
md_hmac_update( &ctx->md_ctx, additional, add_len );
md_hmac_finish( &ctx->md_ctx, K );
/* Step 2 or 5 */
md_hmac_starts( &ctx->md_ctx, K, md_len );
md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
md_hmac_finish( &ctx->md_ctx, ctx->V );
}
}
/*
* Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA)
*/
int hmac_drbg_init_buf( hmac_drbg_context *ctx,
const md_info_t * md_info,
const unsigned char *data, size_t data_len )
{
int ret;
memset( ctx, 0, sizeof( hmac_drbg_context ) );
md_init( &ctx->md_ctx );
if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 )
return( ret );
/*
* Set initial working state.
* Use the V memory location, which is currently all 0, to initialize the
* MD context with an all-zero key. Then set V to its initial value.
*/
md_hmac_starts( &ctx->md_ctx, ctx->V, md_info->size );
memset( ctx->V, 0x01, md_info->size );
hmac_drbg_update( ctx, data, data_len );
return( 0 );
}
/*
* HMAC_DRBG reseeding: 10.1.2.4 (arabic) + 9.2 (Roman)
*/
int hmac_drbg_reseed( hmac_drbg_context *ctx,
const unsigned char *additional, size_t len )
{
unsigned char seed[POLARSSL_HMAC_DRBG_MAX_SEED_INPUT];
size_t seedlen;
/* III. Check input length */
if( len > POLARSSL_HMAC_DRBG_MAX_INPUT ||
ctx->entropy_len + len > POLARSSL_HMAC_DRBG_MAX_SEED_INPUT )
{
return( POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG );
}
memset( seed, 0, POLARSSL_HMAC_DRBG_MAX_SEED_INPUT );
/* IV. Gather entropy_len bytes of entropy for the seed */
if( ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) != 0 )
return( POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED );
seedlen = ctx->entropy_len;
/* 1. Concatenate entropy and additional data if any */
if( additional != NULL && len != 0 )
{
memcpy( seed + seedlen, additional, len );
seedlen += len;
}
/* 2. Update state */
hmac_drbg_update( ctx, seed, seedlen );
/* 3. Reset reseed_counter */
ctx->reseed_counter = 1;
/* 4. Done */
return( 0 );
}
/*
* HMAC_DRBG initialisation (10.1.2.3 + 9.1)
*/
int hmac_drbg_init( hmac_drbg_context *ctx,
const md_info_t * md_info,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
size_t len )
{
int ret;
size_t entropy_len;
memset( ctx, 0, sizeof( hmac_drbg_context ) );
md_init( &ctx->md_ctx );
if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 )
return( ret );
/*
* Set initial working state.
* Use the V memory location, which is currently all 0, to initialize the
* MD context with an all-zero key. Then set V to its initial value.
*/
md_hmac_starts( &ctx->md_ctx, ctx->V, md_info->size );
memset( ctx->V, 0x01, md_info->size );
ctx->f_entropy = f_entropy;
ctx->p_entropy = p_entropy;
ctx->reseed_interval = POLARSSL_HMAC_DRBG_RESEED_INTERVAL;
/*
* See SP800-57 5.6.1 (p. 65-66) for the security strength provided by
* each hash function, then according to SP800-90A rev1 10.1 table 2,
* min_entropy_len (in bits) is security_strength.
*
* (This also matches the sizes used in the NIST test vectors.)
*/
entropy_len = md_info->size <= 20 ? 16 : /* 160-bits hash -> 128 bits */
md_info->size <= 28 ? 24 : /* 224-bits hash -> 192 bits */
32; /* better (256+) -> 256 bits */
/*
* For initialisation, use more entropy to emulate a nonce
* (Again, matches test vectors.)
*/
ctx->entropy_len = entropy_len * 3 / 2;
if( ( ret = hmac_drbg_reseed( ctx, custom, len ) ) != 0 )
return( ret );
ctx->entropy_len = entropy_len;
return( 0 );
}
/*
* Set prediction resistance
*/
void hmac_drbg_set_prediction_resistance( hmac_drbg_context *ctx,
int resistance )
{
ctx->prediction_resistance = resistance;
}
/*
* Set entropy length grabbed for reseeds
*/
void hmac_drbg_set_entropy_len( hmac_drbg_context *ctx, size_t len )
{
ctx->entropy_len = len;
}
/*
* Set reseed interval
*/
void hmac_drbg_set_reseed_interval( hmac_drbg_context *ctx, int interval )
{
ctx->reseed_interval = interval;
}
/*
* HMAC_DRBG random function with optional additional data:
* 10.1.2.5 (arabic) + 9.3 (Roman)
*/
int hmac_drbg_random_with_add( void *p_rng,
unsigned char *output, size_t out_len,
const unsigned char *additional, size_t add_len )
{
int ret;
hmac_drbg_context *ctx = (hmac_drbg_context *) p_rng;
size_t md_len = md_get_size( ctx->md_ctx.md_info );
size_t left = out_len;
unsigned char *out = output;
/* II. Check request length */
if( out_len > POLARSSL_HMAC_DRBG_MAX_REQUEST )
return( POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG );
/* III. Check input length */
if( add_len > POLARSSL_HMAC_DRBG_MAX_INPUT )
return( POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG );
/* 1. (aka VII and IX) Check reseed counter and PR */
if( ctx->f_entropy != NULL && /* For no-reseeding instances */
( ctx->prediction_resistance == POLARSSL_HMAC_DRBG_PR_ON ||
ctx->reseed_counter > ctx->reseed_interval ) )
{
if( ( ret = hmac_drbg_reseed( ctx, additional, add_len ) ) != 0 )
return( ret );
add_len = 0; /* VII.4 */
}
/* 2. Use additional data if any */
if( additional != NULL && add_len != 0 )
hmac_drbg_update( ctx, additional, add_len );
/* 3, 4, 5. Generate bytes */
while( left != 0 )
{
size_t use_len = left > md_len ? md_len : left;
md_hmac_reset( &ctx->md_ctx );
md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
md_hmac_finish( &ctx->md_ctx, ctx->V );
memcpy( out, ctx->V, use_len );
out += use_len;
left -= use_len;
}
/* 6. Update */
hmac_drbg_update( ctx, additional, add_len );
/* 7. Update reseed counter */
ctx->reseed_counter++;
/* 8. Done */
return( 0 );
}
/*
* HMAC_DRBG random function
*/
int hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len )
{
return( hmac_drbg_random_with_add( p_rng, output, out_len, NULL, 0 ) );
}
/*
* Free an HMAC_DRBG context
*/
void hmac_drbg_free( hmac_drbg_context *ctx )
{
if( ctx == NULL )
return;
md_free_ctx( &ctx->md_ctx );
polarssl_zeroize( ctx, sizeof( hmac_drbg_context ) );
}
#if defined(POLARSSL_FS_IO)
int hmac_drbg_write_seed_file( hmac_drbg_context *ctx, const char *path )
{
int ret;
FILE *f;
unsigned char buf[ POLARSSL_HMAC_DRBG_MAX_INPUT ];
if( ( f = fopen( path, "wb" ) ) == NULL )
return( POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR );
if( ( ret = hmac_drbg_random( ctx, buf, sizeof( buf ) ) ) != 0 )
goto exit;
if( fwrite( buf, 1, sizeof( buf ), f ) != sizeof( buf ) )
{
ret = POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR;
goto exit;
}
ret = 0;
exit:
fclose( f );
return( ret );
}
int hmac_drbg_update_seed_file( hmac_drbg_context *ctx, const char *path )
{
FILE *f;
size_t n;
unsigned char buf[ POLARSSL_HMAC_DRBG_MAX_INPUT ];
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR );
fseek( f, 0, SEEK_END );
n = (size_t) ftell( f );
fseek( f, 0, SEEK_SET );
if( n > POLARSSL_HMAC_DRBG_MAX_INPUT )
{
fclose( f );
return( POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG );
}
if( fread( buf, 1, n, f ) != n )
{
fclose( f );
return( POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR );
}
fclose( f );
hmac_drbg_update( ctx, buf, n );
return( hmac_drbg_write_seed_file( ctx, path ) );
}
#endif /* POLARSSL_FS_IO */
#if defined(POLARSSL_SELF_TEST)
#include <stdio.h>
#if !defined(POLARSSL_SHA1_C)
/* Dummy checkup routine */
int hmac_drbg_self_test( int verbose )
{
if( verbose != 0 )
polarssl_printf( "\n" );
return( 0 );
}
#else
#define OUTPUT_LEN 80
/* From a NIST PR=true test vector */
static unsigned char entropy_pr[] = {
0xa0, 0xc9, 0xab, 0x58, 0xf1, 0xe2, 0xe5, 0xa4, 0xde, 0x3e, 0xbd, 0x4f,
0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11,
0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42,
0x17, 0x60, 0x99, 0xd4, 0x5e, 0x13, 0x97, 0xdc, 0x40, 0x4d, 0x86, 0xa3,
0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4 };
static const unsigned char result_pr[OUTPUT_LEN] = {
0x9a, 0x00, 0xa2, 0xd0, 0x0e, 0xd5, 0x9b, 0xfe, 0x31, 0xec, 0xb1, 0x39,
0x9b, 0x60, 0x81, 0x48, 0xd1, 0x96, 0x9d, 0x25, 0x0d, 0x3c, 0x1e, 0x94,
0x10, 0x10, 0x98, 0x12, 0x93, 0x25, 0xca, 0xb8, 0xfc, 0xcc, 0x2d, 0x54,
0x73, 0x19, 0x70, 0xc0, 0x10, 0x7a, 0xa4, 0x89, 0x25, 0x19, 0x95, 0x5e,
0x4b, 0xc6, 0x00, 0x1d, 0x7f, 0x4e, 0x6a, 0x2b, 0xf8, 0xa3, 0x01, 0xab,
0x46, 0x05, 0x5c, 0x09, 0xa6, 0x71, 0x88, 0xf1, 0xa7, 0x40, 0xee, 0xf3,
0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 };
/* From a NIST PR=false test vector */
static unsigned char entropy_nopr[] = {
0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66,
0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8,
0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3,
0xe9, 0x9d, 0xfe, 0xdf };
static const unsigned char result_nopr[OUTPUT_LEN] = {
0xc6, 0xa1, 0x6a, 0xb8, 0xd4, 0x20, 0x70, 0x6f, 0x0f, 0x34, 0xab, 0x7f,
0xec, 0x5a, 0xdc, 0xa9, 0xd8, 0xca, 0x3a, 0x13, 0x3e, 0x15, 0x9c, 0xa6,
0xac, 0x43, 0xc6, 0xf8, 0xa2, 0xbe, 0x22, 0x83, 0x4a, 0x4c, 0x0a, 0x0a,
0xff, 0xb1, 0x0d, 0x71, 0x94, 0xf1, 0xc1, 0xa5, 0xcf, 0x73, 0x22, 0xec,
0x1a, 0xe0, 0x96, 0x4e, 0xd4, 0xbf, 0x12, 0x27, 0x46, 0xe0, 0x87, 0xfd,
0xb5, 0xb3, 0xe9, 0x1b, 0x34, 0x93, 0xd5, 0xbb, 0x98, 0xfa, 0xed, 0x49,
0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7 };
/* "Entropy" from buffer */
static size_t test_offset;
static int hmac_drbg_self_test_entropy( void *data,
unsigned char *buf, size_t len )
{
const unsigned char *p = data;
memcpy( buf, p + test_offset, len );
test_offset += len;
return( 0 );
}
#define CHK( c ) if( (c) != 0 ) \
{ \
if( verbose != 0 ) \
polarssl_printf( "failed\n" ); \
return( 1 ); \
}
/*
* Checkup routine for HMAC_DRBG with SHA-1
*/
int hmac_drbg_self_test( int verbose )
{
hmac_drbg_context ctx;
unsigned char buf[OUTPUT_LEN];
const md_info_t *md_info = md_info_from_type( POLARSSL_MD_SHA1 );
/*
* PR = True
*/
if( verbose != 0 )
polarssl_printf( " HMAC_DRBG (PR = True) : " );
test_offset = 0;
CHK( hmac_drbg_init( &ctx, md_info,
hmac_drbg_self_test_entropy, entropy_pr,
NULL, 0 ) );
hmac_drbg_set_prediction_resistance( &ctx, POLARSSL_HMAC_DRBG_PR_ON );
CHK( hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
CHK( hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
CHK( memcmp( buf, result_pr, OUTPUT_LEN ) );
hmac_drbg_free( &ctx );
if( verbose != 0 )
polarssl_printf( "passed\n" );
/*
* PR = False
*/
if( verbose != 0 )
polarssl_printf( " HMAC_DRBG (PR = False) : " );
test_offset = 0;
CHK( hmac_drbg_init( &ctx, md_info,
hmac_drbg_self_test_entropy, entropy_nopr,
NULL, 0 ) );
CHK( hmac_drbg_reseed( &ctx, NULL, 0 ) );
CHK( hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
CHK( hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
CHK( memcmp( buf, result_nopr, OUTPUT_LEN ) );
hmac_drbg_free( &ctx );
if( verbose != 0 )
polarssl_printf( "passed\n" );
if( verbose != 0 )
polarssl_printf( "\n" );
return( 0 );
}
#endif /* POLARSSL_SHA1_C */
#endif /* POLARSSL_SELF_TEST */
#endif /* POLARSSL_HMAC_DRBG_C */


@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_MD_C)
@ -41,26 +45,16 @@
#define strcasecmp _stricmp
#endif
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
static const int supported_digests[] = {
#if defined(POLARSSL_MD2_C)
POLARSSL_MD_MD2,
#endif
#if defined(POLARSSL_MD4_C)
POLARSSL_MD_MD4,
#endif
#if defined(POLARSSL_MD5_C)
POLARSSL_MD_MD5,
#endif
#if defined(POLARSSL_RIPEMD160_C)
POLARSSL_MD_RIPEMD160,
#endif
#if defined(POLARSSL_SHA1_C)
POLARSSL_MD_SHA1,
#if defined(POLARSSL_SHA512_C)
POLARSSL_MD_SHA384,
POLARSSL_MD_SHA512,
#endif
#if defined(POLARSSL_SHA256_C)
@ -68,23 +62,38 @@ static const int supported_digests[] = {
POLARSSL_MD_SHA256,
#endif
#if defined(POLARSSL_SHA512_C)
POLARSSL_MD_SHA384,
POLARSSL_MD_SHA512,
#if defined(POLARSSL_SHA1_C)
POLARSSL_MD_SHA1,
#endif
0
#if defined(POLARSSL_RIPEMD160_C)
POLARSSL_MD_RIPEMD160,
#endif
#if defined(POLARSSL_MD5_C)
POLARSSL_MD_MD5,
#endif
#if defined(POLARSSL_MD4_C)
POLARSSL_MD_MD4,
#endif
#if defined(POLARSSL_MD2_C)
POLARSSL_MD_MD2,
#endif
POLARSSL_MD_NONE
};
const int *md_list( void )
{
return supported_digests;
return( supported_digests );
}
const md_info_t *md_info_from_string( const char *md_name )
{
if( NULL == md_name )
return NULL;
return( NULL );
/* Get the appropriate digest information */
#if defined(POLARSSL_MD2_C)
@ -119,7 +128,7 @@ const md_info_t *md_info_from_string( const char *md_name )
if( !strcasecmp( "SHA512", md_name ) )
return md_info_from_type( POLARSSL_MD_SHA512 );
#endif
return NULL;
return( NULL );
}
const md_info_t *md_info_from_type( md_type_t md_type )
@ -128,108 +137,120 @@ const md_info_t *md_info_from_type( md_type_t md_type )
{
#if defined(POLARSSL_MD2_C)
case POLARSSL_MD_MD2:
return &md2_info;
return( &md2_info );
#endif
#if defined(POLARSSL_MD4_C)
case POLARSSL_MD_MD4:
return &md4_info;
return( &md4_info );
#endif
#if defined(POLARSSL_MD5_C)
case POLARSSL_MD_MD5:
return &md5_info;
return( &md5_info );
#endif
#if defined(POLARSSL_RIPEMD160_C)
case POLARSSL_MD_RIPEMD160:
return &ripemd160_info;
return( &ripemd160_info );
#endif
#if defined(POLARSSL_SHA1_C)
case POLARSSL_MD_SHA1:
return &sha1_info;
return( &sha1_info );
#endif
#if defined(POLARSSL_SHA256_C)
case POLARSSL_MD_SHA224:
return &sha224_info;
return( &sha224_info );
case POLARSSL_MD_SHA256:
return &sha256_info;
return( &sha256_info );
#endif
#if defined(POLARSSL_SHA512_C)
case POLARSSL_MD_SHA384:
return &sha384_info;
return( &sha384_info );
case POLARSSL_MD_SHA512:
return &sha512_info;
return( &sha512_info );
#endif
default:
return NULL;
return( NULL );
}
}
void md_init( md_context_t *ctx )
{
memset( ctx, 0, sizeof( md_context_t ) );
}
void md_free( md_context_t *ctx )
{
if( ctx == NULL )
return;
if( ctx->md_ctx )
ctx->md_info->ctx_free_func( ctx->md_ctx );
polarssl_zeroize( ctx, sizeof( md_context_t ) );
}
int md_init_ctx( md_context_t *ctx, const md_info_t *md_info )
{
if( md_info == NULL || ctx == NULL )
return POLARSSL_ERR_MD_BAD_INPUT_DATA;
return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
memset( ctx, 0, sizeof( md_context_t ) );
if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL )
return POLARSSL_ERR_MD_ALLOC_FAILED;
return( POLARSSL_ERR_MD_ALLOC_FAILED );
ctx->md_info = md_info;
md_info->starts_func( ctx->md_ctx );
return 0;
return( 0 );
}
int md_free_ctx( md_context_t *ctx )
{
if( ctx == NULL || ctx->md_info == NULL )
return POLARSSL_ERR_MD_BAD_INPUT_DATA;
md_free( ctx );
ctx->md_info->ctx_free_func( ctx->md_ctx );
ctx->md_ctx = NULL;
return 0;
return( 0 );
}
int md_starts( md_context_t *ctx )
{
if( ctx == NULL || ctx->md_info == NULL )
return POLARSSL_ERR_MD_BAD_INPUT_DATA;
return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
ctx->md_info->starts_func( ctx->md_ctx );
return 0;
return( 0 );
}
int md_update( md_context_t *ctx, const unsigned char *input, size_t ilen )
{
if( ctx == NULL || ctx->md_info == NULL )
return POLARSSL_ERR_MD_BAD_INPUT_DATA;
return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
ctx->md_info->update_func( ctx->md_ctx, input, ilen );
return 0;
return( 0 );
}
int md_finish( md_context_t *ctx, unsigned char *output )
{
if( ctx == NULL || ctx->md_info == NULL )
return POLARSSL_ERR_MD_BAD_INPUT_DATA;
return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
ctx->md_info->finish_func( ctx->md_ctx, output );
return 0;
return( 0 );
}
int md( const md_info_t *md_info, const unsigned char *input, size_t ilen,
unsigned char *output )
{
if ( md_info == NULL )
return POLARSSL_ERR_MD_BAD_INPUT_DATA;
if( md_info == NULL )
return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
md_info->digest_func( input, ilen, output );
return 0;
return( 0 );
}
int md_file( const md_info_t *md_info, const char *path, unsigned char *output )
@ -239,7 +260,7 @@ int md_file( const md_info_t *md_info, const char *path, unsigned char *output )
#endif
if( md_info == NULL )
return POLARSSL_ERR_MD_BAD_INPUT_DATA;
return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
#if defined(POLARSSL_FS_IO)
ret = md_info->file_func( path, output );
@ -251,48 +272,48 @@ int md_file( const md_info_t *md_info, const char *path, unsigned char *output )
((void) path);
((void) output);
return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
#endif
return( POLARSSL_ERR_MD_FEATURE_UNAVAILABLE );
#endif /* POLARSSL_FS_IO */
}
int md_hmac_starts( md_context_t *ctx, const unsigned char *key, size_t keylen )
{
if( ctx == NULL || ctx->md_info == NULL )
return POLARSSL_ERR_MD_BAD_INPUT_DATA;
return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
ctx->md_info->hmac_starts_func( ctx->md_ctx, key, keylen);
ctx->md_info->hmac_starts_func( ctx->md_ctx, key, keylen );
return 0;
return( 0 );
}
int md_hmac_update( md_context_t *ctx, const unsigned char *input, size_t ilen )
{
if( ctx == NULL || ctx->md_info == NULL )
return POLARSSL_ERR_MD_BAD_INPUT_DATA;
return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
ctx->md_info->hmac_update_func( ctx->md_ctx, input, ilen );
return 0;
return( 0 );
}
int md_hmac_finish( md_context_t *ctx, unsigned char *output)
int md_hmac_finish( md_context_t *ctx, unsigned char *output )
{
if( ctx == NULL || ctx->md_info == NULL )
return POLARSSL_ERR_MD_BAD_INPUT_DATA;
return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
ctx->md_info->hmac_finish_func( ctx->md_ctx, output);
ctx->md_info->hmac_finish_func( ctx->md_ctx, output );
return 0;
return( 0 );
}
int md_hmac_reset( md_context_t *ctx )
{
if( ctx == NULL || ctx->md_info == NULL )
return POLARSSL_ERR_MD_BAD_INPUT_DATA;
return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
ctx->md_info->hmac_reset_func( ctx->md_ctx);
ctx->md_info->hmac_reset_func( ctx->md_ctx );
return 0;
return( 0 );
}
int md_hmac( const md_info_t *md_info, const unsigned char *key, size_t keylen,
@ -300,21 +321,21 @@ int md_hmac( const md_info_t *md_info, const unsigned char *key, size_t keylen,
unsigned char *output )
{
if( md_info == NULL )
return POLARSSL_ERR_MD_BAD_INPUT_DATA;
return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
md_info->hmac_func( key, keylen, input, ilen, output );
return 0;
return( 0 );
}
int md_process( md_context_t *ctx, const unsigned char *data )
{
if( ctx == NULL || ctx->md_info == NULL )
return POLARSSL_ERR_MD_BAD_INPUT_DATA;
return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
ctx->md_info->process_func( ctx->md_ctx, data );
return 0;
return( 0 );
}
#endif
#endif /* POLARSSL_MD_C */
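Review bot: md_init_ctx memsets the whole context before it allocates a fresh md_ctx, so calling it on a context that already holds one silently leaks the previous allocation; the precondition deserves a comment above the memset, `/* ctx must be freshly md_init()'d or already md_free()'d: the memset discards any previous md_ctx without releasing it */`. The new md_free returns early on a NULL ctx while md_init dereferences it unconditionally; the same asymmetry appears in md2_init/md2_free, md4_init/md4_free and md5_init/md5_free in the MD2, MD4 and MD5 sections below, so either give each init the same `if( ctx == NULL ) return;` guard or document that only the free functions accept NULL. md_free also reads ctx->md_info whenever md_ctx is set, which relies on md_init_ctx always assigning both together; that appears to hold from the visible lines but is worth a one-line comment so a future init path keeps the invariant.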


@ -1,7 +1,7 @@
/*
* RFC 1115/1319 compliant MD2 implementation
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -29,7 +29,11 @@
* http://www.ietf.org/rfc/rfc1319.txt
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_MD2_C)
@ -39,6 +43,17 @@
#include <stdio.h>
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#endif
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#if !defined(POLARSSL_MD2_ALT)
static const unsigned char PI_SUBST[256] =
@ -71,6 +86,19 @@ static const unsigned char PI_SUBST[256] =
0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14
};
void md2_init( md2_context *ctx )
{
memset( ctx, 0, sizeof( md2_context ) );
}
void md2_free( md2_context *ctx )
{
if( ctx == NULL )
return;
polarssl_zeroize( ctx, sizeof( md2_context ) );
}
/*
* MD2 context setup
*/
@ -174,11 +202,11 @@ void md2( const unsigned char *input, size_t ilen, unsigned char output[16] )
{
md2_context ctx;
md2_init( &ctx );
md2_starts( &ctx );
md2_update( &ctx, input, ilen );
md2_finish( &ctx, output );
memset( &ctx, 0, sizeof( md2_context ) );
md2_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@ -195,14 +223,14 @@ int md2_file( const char *path, unsigned char output[16] )
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_MD2_FILE_IO_ERROR );
md2_init( &ctx );
md2_starts( &ctx );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
md2_update( &ctx, buf, n );
md2_finish( &ctx, output );
memset( &ctx, 0, sizeof( md2_context ) );
md2_free( &ctx );
if( ferror( f ) != 0 )
{
@ -218,7 +246,8 @@ int md2_file( const char *path, unsigned char output[16] )
/*
* MD2 HMAC context setup
*/
void md2_hmac_starts( md2_context *ctx, const unsigned char *key, size_t keylen )
void md2_hmac_starts( md2_context *ctx, const unsigned char *key,
size_t keylen )
{
size_t i;
unsigned char sum[16];
@ -242,13 +271,14 @@ void md2_hmac_starts( md2_context *ctx, const unsigned char *key, size_t keylen
md2_starts( ctx );
md2_update( ctx, ctx->ipad, 16 );
memset( sum, 0, sizeof( sum ) );
polarssl_zeroize( sum, sizeof( sum ) );
}
/*
* MD2 HMAC process buffer
*/
void md2_hmac_update( md2_context *ctx, const unsigned char *input, size_t ilen )
void md2_hmac_update( md2_context *ctx, const unsigned char *input,
size_t ilen )
{
md2_update( ctx, input, ilen );
}
@ -266,7 +296,7 @@ void md2_hmac_finish( md2_context *ctx, unsigned char output[16] )
md2_update( ctx, tmpbuf, 16 );
md2_finish( ctx, output );
memset( tmpbuf, 0, sizeof( tmpbuf ) );
polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
}
/*
@ -287,11 +317,11 @@ void md2_hmac( const unsigned char *key, size_t keylen,
{
md2_context ctx;
md2_init( &ctx );
md2_hmac_starts( &ctx, key, keylen );
md2_hmac_update( &ctx, input, ilen );
md2_hmac_finish( &ctx, output );
memset( &ctx, 0, sizeof( md2_context ) );
md2_free( &ctx );
}
#if defined(POLARSSL_SELF_TEST)
@ -340,7 +370,7 @@ int md2_self_test( int verbose )
for( i = 0; i < 7; i++ )
{
if( verbose != 0 )
printf( " MD2 test #%d: ", i + 1 );
polarssl_printf( " MD2 test #%d: ", i + 1 );
md2( (unsigned char *) md2_test_str[i],
strlen( md2_test_str[i] ), md2sum );
@ -348,21 +378,21 @@ int md2_self_test( int verbose )
if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
}
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
return( 0 );
}
#endif
#endif /* POLARSSL_SELF_TEST */
#endif
#endif /* POLARSSL_MD2_C */
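Review bot: md2_file (hunk `@ -195,14 +223,14 @@`) calls md2_finish( &ctx, output ) and md2_free before ferror( f ) is consulted, so on a short read the caller gets an error return while output already holds a digest of the truncated data; the contract should say that output is unspecified when POLARSSL_ERR_MD2_FILE_IO_ERROR is returned, e.g. a comment above the finish call: `/* output is only meaningful if the ferror() check below passes */`. The error-return tail of md2_file lies outside the hunk. The same ordering is present in md4_file and md5_file in the MD4 and MD5 sections that follow.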


@ -1,7 +1,7 @@
/*
* RFC 1186/1320 compliant MD4 implementation
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -29,7 +29,11 @@
* http://www.ietf.org/rfc/rfc1320.txt
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_MD4_C)
@ -39,6 +43,17 @@
#include <stdio.h>
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#endif
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#if !defined(POLARSSL_MD4_ALT)
/*
@ -64,6 +79,19 @@
}
#endif
void md4_init( md4_context *ctx )
{
memset( ctx, 0, sizeof( md4_context ) );
}
void md4_free( md4_context *ctx )
{
if( ctx == NULL )
return;
polarssl_zeroize( ctx, sizeof( md4_context ) );
}
/*
* MD4 context setup
*/
@ -189,7 +217,7 @@ void md4_update( md4_context *ctx, const unsigned char *input, size_t ilen )
size_t fill;
uint32_t left;
if( ilen <= 0 )
if( ilen == 0 )
return;
left = ctx->total[0] & 0x3F;
@ -270,11 +298,11 @@ void md4( const unsigned char *input, size_t ilen, unsigned char output[16] )
{
md4_context ctx;
md4_init( &ctx );
md4_starts( &ctx );
md4_update( &ctx, input, ilen );
md4_finish( &ctx, output );
memset( &ctx, 0, sizeof( md4_context ) );
md4_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@ -291,14 +319,14 @@ int md4_file( const char *path, unsigned char output[16] )
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_MD4_FILE_IO_ERROR );
md4_init( &ctx );
md4_starts( &ctx );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
md4_update( &ctx, buf, n );
md4_finish( &ctx, output );
memset( &ctx, 0, sizeof( md4_context ) );
md4_free( &ctx );
if( ferror( f ) != 0 )
{
@ -314,7 +342,8 @@ int md4_file( const char *path, unsigned char output[16] )
/*
* MD4 HMAC context setup
*/
void md4_hmac_starts( md4_context *ctx, const unsigned char *key, size_t keylen )
void md4_hmac_starts( md4_context *ctx, const unsigned char *key,
size_t keylen )
{
size_t i;
unsigned char sum[16];
@ -338,13 +367,14 @@ void md4_hmac_starts( md4_context *ctx, const unsigned char *key, size_t keylen
md4_starts( ctx );
md4_update( ctx, ctx->ipad, 64 );
memset( sum, 0, sizeof( sum ) );
polarssl_zeroize( sum, sizeof( sum ) );
}
/*
* MD4 HMAC process buffer
*/
void md4_hmac_update( md4_context *ctx, const unsigned char *input, size_t ilen )
void md4_hmac_update( md4_context *ctx, const unsigned char *input,
size_t ilen )
{
md4_update( ctx, input, ilen );
}
@ -362,7 +392,7 @@ void md4_hmac_finish( md4_context *ctx, unsigned char output[16] )
md4_update( ctx, tmpbuf, 16 );
md4_finish( ctx, output );
memset( tmpbuf, 0, sizeof( tmpbuf ) );
polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
}
/*
@ -383,11 +413,11 @@ void md4_hmac( const unsigned char *key, size_t keylen,
{
md4_context ctx;
md4_init( &ctx );
md4_hmac_starts( &ctx, key, keylen );
md4_hmac_update( &ctx, input, ilen );
md4_hmac_finish( &ctx, output );
memset( &ctx, 0, sizeof( md4_context ) );
md4_free( &ctx );
}
#if defined(POLARSSL_SELF_TEST)
@ -436,7 +466,7 @@ int md4_self_test( int verbose )
for( i = 0; i < 7; i++ )
{
if( verbose != 0 )
printf( " MD4 test #%d: ", i + 1 );
polarssl_printf( " MD4 test #%d: ", i + 1 );
md4( (unsigned char *) md4_test_str[i],
strlen( md4_test_str[i] ), md4sum );
@ -444,21 +474,21 @@ int md4_self_test( int verbose )
if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
}
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
return( 0 );
}
#endif
#endif /* POLARSSL_SELF_TEST */
#endif
#endif /* POLARSSL_MD4_C */


@ -1,7 +1,7 @@
/*
* RFC 1321 compliant MD5 implementation
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -28,7 +28,11 @@
* http://www.ietf.org/rfc/rfc1321.txt
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_MD5_C)
@ -38,6 +42,17 @@
#include <stdio.h>
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#endif
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#if !defined(POLARSSL_MD5_ALT)
/*
@ -63,6 +78,19 @@
}
#endif
void md5_init( md5_context *ctx )
{
memset( ctx, 0, sizeof( md5_context ) );
}
void md5_free( md5_context *ctx )
{
if( ctx == NULL )
return;
polarssl_zeroize( ctx, sizeof( md5_context ) );
}
/*
* MD5 context setup
*/
@ -208,7 +236,7 @@ void md5_update( md5_context *ctx, const unsigned char *input, size_t ilen )
size_t fill;
uint32_t left;
if( ilen <= 0 )
if( ilen == 0 )
return;
left = ctx->total[0] & 0x3F;
@ -287,11 +315,11 @@ void md5( const unsigned char *input, size_t ilen, unsigned char output[16] )
{
md5_context ctx;
md5_init( &ctx );
md5_starts( &ctx );
md5_update( &ctx, input, ilen );
md5_finish( &ctx, output );
memset( &ctx, 0, sizeof( md5_context ) );
md5_free( &ctx );
}
#if defined(POLARSSL_FS_IO)
@ -308,14 +336,14 @@ int md5_file( const char *path, unsigned char output[16] )
if( ( f = fopen( path, "rb" ) ) == NULL )
return( POLARSSL_ERR_MD5_FILE_IO_ERROR );
md5_init( &ctx );
md5_starts( &ctx );
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
md5_update( &ctx, buf, n );
md5_finish( &ctx, output );
memset( &ctx, 0, sizeof( md5_context ) );
md5_free( &ctx );
if( ferror( f ) != 0 )
{
@ -331,7 +359,8 @@ int md5_file( const char *path, unsigned char output[16] )
/*
* MD5 HMAC context setup
*/
void md5_hmac_starts( md5_context *ctx, const unsigned char *key, size_t keylen )
void md5_hmac_starts( md5_context *ctx, const unsigned char *key,
size_t keylen )
{
size_t i;
unsigned char sum[16];
@ -355,13 +384,14 @@ void md5_hmac_starts( md5_context *ctx, const unsigned char *key, size_t keylen
md5_starts( ctx );
md5_update( ctx, ctx->ipad, 64 );
memset( sum, 0, sizeof( sum ) );
polarssl_zeroize( sum, sizeof( sum ) );
}
/*
* MD5 HMAC process buffer
*/
void md5_hmac_update( md5_context *ctx, const unsigned char *input, size_t ilen )
void md5_hmac_update( md5_context *ctx, const unsigned char *input,
size_t ilen )
{
md5_update( ctx, input, ilen );
}
@ -379,7 +409,7 @@ void md5_hmac_finish( md5_context *ctx, unsigned char output[16] )
md5_update( ctx, tmpbuf, 16 );
md5_finish( ctx, output );
memset( tmpbuf, 0, sizeof( tmpbuf ) );
polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
}
/*
@ -400,11 +430,11 @@ void md5_hmac( const unsigned char *key, size_t keylen,
{
md5_context ctx;
md5_init( &ctx );
md5_hmac_starts( &ctx, key, keylen );
md5_hmac_update( &ctx, input, ilen );
md5_hmac_finish( &ctx, output );
memset( &ctx, 0, sizeof( md5_context ) );
md5_free( &ctx );
}
#if defined(POLARSSL_SELF_TEST)
@ -522,29 +552,29 @@ int md5_self_test( int verbose )
for( i = 0; i < 7; i++ )
{
if( verbose != 0 )
printf( " MD5 test #%d: ", i + 1 );
polarssl_printf( " MD5 test #%d: ", i + 1 );
md5( md5_test_buf[i], md5_test_buflen[i], md5sum );
if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
}
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
for( i = 0; i < 7; i++ )
{
if( verbose != 0 )
printf( " HMAC-MD5 test #%d: ", i + 1 );
polarssl_printf( " HMAC-MD5 test #%d: ", i + 1 );
if( i == 5 || i == 6 )
{
@ -565,21 +595,21 @@ int md5_self_test( int verbose )
if( memcmp( md5sum, md5_hmac_test_sum[i], buflen ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n" );
polarssl_printf( "passed\n" );
}
if( verbose != 0 )
printf( "\n" );
polarssl_printf( "\n" );
return( 0 );
}
#endif
#endif /* POLARSSL_SELF_TEST */
#endif
#endif /* POLARSSL_MD5_C */


@ -5,7 +5,7 @@
*
* \author Adriaan de Jong <dejong@fox-it.com>
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -27,7 +27,11 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_MD_C)
@ -61,8 +65,8 @@
#include "polarssl/sha512.h"
#endif
#if defined(POLARSSL_MEMORY_C)
#include "polarssl/memory.h"
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_malloc malloc
#define polarssl_free free
@ -70,6 +74,11 @@
#include <stdlib.h>
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#if defined(POLARSSL_MD2_C)
static void md2_starts_wrap( void *ctx )
@ -77,7 +86,8 @@ static void md2_starts_wrap( void *ctx )
md2_starts( (md2_context *) ctx );
}
static void md2_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void md2_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
md2_update( (md2_context *) ctx, input, ilen );
}
@ -94,16 +104,18 @@ static int md2_file_wrap( const char *path, unsigned char *output )
#else
((void) path);
((void) output);
return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_MD_FEATURE_UNAVAILABLE );
#endif
}
static void md2_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
static void md2_hmac_starts_wrap( void *ctx, const unsigned char *key,
size_t keylen )
{
md2_hmac_starts( (md2_context *) ctx, key, keylen );
}
static void md2_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void md2_hmac_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
md2_hmac_update( (md2_context *) ctx, input, ilen );
}
@ -125,6 +137,7 @@ static void * md2_ctx_alloc( void )
static void md2_ctx_free( void *ctx )
{
polarssl_zeroize( ctx, sizeof( md2_context ) );
polarssl_free( ctx );
}
@ -154,7 +167,7 @@ const md_info_t md2_info = {
md2_process_wrap,
};
#endif
#endif /* POLARSSL_MD2_C */
#if defined(POLARSSL_MD4_C)
@ -163,7 +176,8 @@ static void md4_starts_wrap( void *ctx )
md4_starts( (md4_context *) ctx );
}
static void md4_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void md4_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
md4_update( (md4_context *) ctx, input, ilen );
}
@ -180,16 +194,18 @@ static int md4_file_wrap( const char *path, unsigned char *output )
#else
((void) path);
((void) output);
return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_MD_FEATURE_UNAVAILABLE );
#endif
}
static void md4_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
static void md4_hmac_starts_wrap( void *ctx, const unsigned char *key,
size_t keylen )
{
md4_hmac_starts( (md4_context *) ctx, key, keylen );
}
static void md4_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void md4_hmac_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
md4_hmac_update( (md4_context *) ctx, input, ilen );
}
@ -211,6 +227,7 @@ static void *md4_ctx_alloc( void )
static void md4_ctx_free( void *ctx )
{
polarssl_zeroize( ctx, sizeof( md4_context ) );
polarssl_free( ctx );
}
@ -238,7 +255,7 @@ const md_info_t md4_info = {
md4_process_wrap,
};
#endif
#endif /* POLARSSL_MD4_C */
#if defined(POLARSSL_MD5_C)
@ -247,7 +264,8 @@ static void md5_starts_wrap( void *ctx )
md5_starts( (md5_context *) ctx );
}
static void md5_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void md5_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
md5_update( (md5_context *) ctx, input, ilen );
}
@ -264,16 +282,18 @@ static int md5_file_wrap( const char *path, unsigned char *output )
#else
((void) path);
((void) output);
return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_MD_FEATURE_UNAVAILABLE );
#endif
}
static void md5_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
static void md5_hmac_starts_wrap( void *ctx, const unsigned char *key,
size_t keylen )
{
md5_hmac_starts( (md5_context *) ctx, key, keylen );
}
static void md5_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void md5_hmac_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
md5_hmac_update( (md5_context *) ctx, input, ilen );
}
@ -295,6 +315,7 @@ static void * md5_ctx_alloc( void )
static void md5_ctx_free( void *ctx )
{
polarssl_zeroize( ctx, sizeof( md5_context ) );
polarssl_free( ctx );
}
@ -322,7 +343,7 @@ const md_info_t md5_info = {
md5_process_wrap,
};
#endif
#endif /* POLARSSL_MD5_C */
#if defined(POLARSSL_RIPEMD160_C)
@ -331,7 +352,8 @@ static void ripemd160_starts_wrap( void *ctx )
ripemd160_starts( (ripemd160_context *) ctx );
}
static void ripemd160_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void ripemd160_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
ripemd160_update( (ripemd160_context *) ctx, input, ilen );
}
@ -348,16 +370,18 @@ static int ripemd160_file_wrap( const char *path, unsigned char *output )
#else
((void) path);
((void) output);
return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_MD_FEATURE_UNAVAILABLE );
#endif
}
static void ripemd160_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
static void ripemd160_hmac_starts_wrap( void *ctx, const unsigned char *key,
size_t keylen )
{
ripemd160_hmac_starts( (ripemd160_context *) ctx, key, keylen );
}
static void ripemd160_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void ripemd160_hmac_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
ripemd160_hmac_update( (ripemd160_context *) ctx, input, ilen );
}
@ -374,11 +398,20 @@ static void ripemd160_hmac_reset_wrap( void *ctx )
static void * ripemd160_ctx_alloc( void )
{
return polarssl_malloc( sizeof( ripemd160_context ) );
ripemd160_context *ctx;
ctx = (ripemd160_context *) polarssl_malloc( sizeof( ripemd160_context ) );
if( ctx == NULL )
return( NULL );
ripemd160_init( ctx );
return( ctx );
}
static void ripemd160_ctx_free( void *ctx )
{
ripemd160_free( (ripemd160_context *) ctx );
polarssl_free( ctx );
}
@ -406,7 +439,7 @@ const md_info_t ripemd160_info = {
ripemd160_process_wrap,
};
#endif
#endif /* POLARSSL_RIPEMD160_C */
#if defined(POLARSSL_SHA1_C)
@ -415,7 +448,8 @@ static void sha1_starts_wrap( void *ctx )
sha1_starts( (sha1_context *) ctx );
}
static void sha1_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void sha1_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
sha1_update( (sha1_context *) ctx, input, ilen );
}
@ -432,16 +466,18 @@ static int sha1_file_wrap( const char *path, unsigned char *output )
#else
((void) path);
((void) output);
return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_MD_FEATURE_UNAVAILABLE );
#endif
}
static void sha1_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
static void sha1_hmac_starts_wrap( void *ctx, const unsigned char *key,
size_t keylen )
{
sha1_hmac_starts( (sha1_context *) ctx, key, keylen );
}
static void sha1_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void sha1_hmac_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
sha1_hmac_update( (sha1_context *) ctx, input, ilen );
}
@ -458,11 +494,20 @@ static void sha1_hmac_reset_wrap( void *ctx )
static void * sha1_ctx_alloc( void )
{
return polarssl_malloc( sizeof( sha1_context ) );
sha1_context *ctx;
ctx = (sha1_context *) polarssl_malloc( sizeof( sha1_context ) );
if( ctx == NULL )
return( NULL );
sha1_init( ctx );
return( ctx );
}
static void sha1_ctx_free( void *ctx )
{
sha1_free( (sha1_context *) ctx );
polarssl_free( ctx );
}
@ -490,7 +535,7 @@ const md_info_t sha1_info = {
sha1_process_wrap,
};
#endif
#endif /* POLARSSL_SHA1_C */
/*
* Wrappers for generic message digests
@ -502,7 +547,8 @@ static void sha224_starts_wrap( void *ctx )
sha256_starts( (sha256_context *) ctx, 1 );
}
static void sha224_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void sha224_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
sha256_update( (sha256_context *) ctx, input, ilen );
}
@ -525,16 +571,18 @@ static int sha224_file_wrap( const char *path, unsigned char *output )
#else
((void) path);
((void) output);
return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_MD_FEATURE_UNAVAILABLE );
#endif
}
static void sha224_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
static void sha224_hmac_starts_wrap( void *ctx, const unsigned char *key,
size_t keylen )
{
sha256_hmac_starts( (sha256_context *) ctx, key, keylen, 1 );
}
static void sha224_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void sha224_hmac_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
sha256_hmac_update( (sha256_context *) ctx, input, ilen );
}
@ -563,6 +611,7 @@ static void * sha224_ctx_alloc( void )
static void sha224_ctx_free( void *ctx )
{
polarssl_zeroize( ctx, sizeof( sha256_context ) );
polarssl_free( ctx );
}
@ -595,7 +644,8 @@ static void sha256_starts_wrap( void *ctx )
sha256_starts( (sha256_context *) ctx, 0 );
}
static void sha256_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void sha256_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
sha256_update( (sha256_context *) ctx, input, ilen );
}
@ -618,16 +668,18 @@ static int sha256_file_wrap( const char *path, unsigned char *output )
#else
((void) path);
((void) output);
return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_MD_FEATURE_UNAVAILABLE );
#endif
}
static void sha256_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
static void sha256_hmac_starts_wrap( void *ctx, const unsigned char *key,
size_t keylen )
{
sha256_hmac_starts( (sha256_context *) ctx, key, keylen, 0 );
}
static void sha256_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void sha256_hmac_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
sha256_hmac_update( (sha256_context *) ctx, input, ilen );
}
@ -651,11 +703,20 @@ static void sha256_hmac_wrap( const unsigned char *key, size_t keylen,
static void * sha256_ctx_alloc( void )
{
return polarssl_malloc( sizeof( sha256_context ) );
sha256_context *ctx;
ctx = (sha256_context *) polarssl_malloc( sizeof( sha256_context ) );
if( ctx == NULL )
return( NULL );
sha256_init( ctx );
return( ctx );
}
static void sha256_ctx_free( void *ctx )
{
sha256_free( (sha256_context *) ctx );
polarssl_free( ctx );
}
@ -683,7 +744,7 @@ const md_info_t sha256_info = {
sha256_process_wrap,
};
#endif
#endif /* POLARSSL_SHA256_C */
#if defined(POLARSSL_SHA512_C)
@ -692,7 +753,8 @@ static void sha384_starts_wrap( void *ctx )
sha512_starts( (sha512_context *) ctx, 1 );
}
static void sha384_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void sha384_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
sha512_update( (sha512_context *) ctx, input, ilen );
}
@ -715,16 +777,18 @@ static int sha384_file_wrap( const char *path, unsigned char *output )
#else
((void) path);
((void) output);
return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_MD_FEATURE_UNAVAILABLE );
#endif
}
static void sha384_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
static void sha384_hmac_starts_wrap( void *ctx, const unsigned char *key,
size_t keylen )
{
sha512_hmac_starts( (sha512_context *) ctx, key, keylen, 1 );
}
static void sha384_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void sha384_hmac_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
sha512_hmac_update( (sha512_context *) ctx, input, ilen );
}
@ -753,6 +817,7 @@ static void * sha384_ctx_alloc( void )
static void sha384_ctx_free( void *ctx )
{
polarssl_zeroize( ctx, sizeof( sha512_context ) );
polarssl_free( ctx );
}
@ -785,7 +850,8 @@ static void sha512_starts_wrap( void *ctx )
sha512_starts( (sha512_context *) ctx, 0 );
}
static void sha512_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void sha512_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
sha512_update( (sha512_context *) ctx, input, ilen );
}
@ -808,16 +874,18 @@ static int sha512_file_wrap( const char *path, unsigned char *output )
#else
((void) path);
((void) output);
return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE;
return( POLARSSL_ERR_MD_FEATURE_UNAVAILABLE );
#endif
}
static void sha512_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen )
static void sha512_hmac_starts_wrap( void *ctx, const unsigned char *key,
size_t keylen )
{
sha512_hmac_starts( (sha512_context *) ctx, key, keylen, 0 );
}
static void sha512_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen )
static void sha512_hmac_update_wrap( void *ctx, const unsigned char *input,
size_t ilen )
{
sha512_hmac_update( (sha512_context *) ctx, input, ilen );
}
@ -841,11 +909,20 @@ static void sha512_hmac_wrap( const unsigned char *key, size_t keylen,
static void * sha512_ctx_alloc( void )
{
return polarssl_malloc( sizeof( sha512_context ) );
sha512_context *ctx;
ctx = (sha512_context *) polarssl_malloc( sizeof( sha512_context ) );
if( ctx == NULL )
return( NULL );
sha512_init( ctx );
return( ctx );
}
static void sha512_ctx_free( void *ctx )
{
sha512_free( (sha512_context *) ctx );
polarssl_free( ctx );
}
@ -873,6 +950,6 @@ const md_info_t sha512_info = {
sha512_process_wrap,
};
#endif
#endif /* POLARSSL_SHA512_C */
#endif
#endif /* POLARSSL_MD_C */


@ -1,63 +0,0 @@
/*
* Memory allocation layer
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "polarssl/config.h"
#if defined(POLARSSL_MEMORY_C)
#include "polarssl/memory.h"
#if !defined(POLARSSL_MEMORY_STDMALLOC)
static void *memory_malloc_uninit( size_t len )
{
((void) len);
return( NULL );
}
#define POLARSSL_MEMORY_STDMALLOC memory_malloc_uninit
#endif /* !POLARSSL_MEMORY_STDMALLOC */
#if !defined(POLARSSL_MEMORY_STDFREE)
static void memory_free_uninit( void *ptr )
{
((void) ptr);
}
#define POLARSSL_MEMORY_STDFREE memory_free_uninit
#endif /* !POLARSSL_MEMORY_STDFREE */
void * (*polarssl_malloc)( size_t ) = POLARSSL_MEMORY_STDMALLOC;
void (*polarssl_free)( void * ) = POLARSSL_MEMORY_STDFREE;
int memory_set_own( void * (*malloc_func)( size_t ),
void (*free_func)( void * ) )
{
polarssl_malloc = malloc_func;
polarssl_free = free_func;
return( 0 );
}
#endif /* POLARSSL_MEMORY_C */


@ -1,7 +1,7 @@
/*
* Buffer-based memory allocator
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -23,11 +23,15 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_MEMORY_C) && defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
#include "polarssl/memory.h"
#include "polarssl/memory_buffer_alloc.h"
#include <string.h>
@ -42,6 +46,17 @@
#include "polarssl/threading.h"
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_fprintf fprintf
#endif
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#define MAGIC1 0xFF00AA55
#define MAGIC2 0xEE119966
#define MAX_BT 20
@ -94,17 +109,18 @@ static void debug_header( memory_header *hdr )
size_t i;
#endif
fprintf( stderr, "HDR: PTR(%10u), PREV(%10u), NEXT(%10u), ALLOC(%u), SIZE(%10u)\n",
polarssl_fprintf( stderr, "HDR: PTR(%10u), PREV(%10u), NEXT(%10u), "
"ALLOC(%u), SIZE(%10u)\n",
(size_t) hdr, (size_t) hdr->prev, (size_t) hdr->next,
hdr->alloc, hdr->size );
fprintf( stderr, " FPREV(%10u), FNEXT(%10u)\n",
polarssl_fprintf( stderr, " FPREV(%10u), FNEXT(%10u)\n",
(size_t) hdr->prev_free, (size_t) hdr->next_free );
#if defined(POLARSSL_MEMORY_BACKTRACE)
fprintf( stderr, "TRACE: \n" );
polarssl_fprintf( stderr, "TRACE: \n" );
for( i = 0; i < hdr->trace_count; i++ )
fprintf( stderr, "%s\n", hdr->trace[i] );
fprintf( stderr, "\n" );
polarssl_fprintf( stderr, "%s\n", hdr->trace[i] );
polarssl_fprintf( stderr, "\n" );
#endif
}
@ -112,14 +128,14 @@ static void debug_chain()
{
memory_header *cur = heap.first;
fprintf( stderr, "\nBlock list\n" );
polarssl_fprintf( stderr, "\nBlock list\n" );
while( cur != NULL )
{
debug_header( cur );
cur = cur->next;
}
fprintf( stderr, "Free list\n" );
polarssl_fprintf( stderr, "Free list\n" );
cur = heap.first_free;
while( cur != NULL )
@ -135,7 +151,7 @@ static int verify_header( memory_header *hdr )
if( hdr->magic1 != MAGIC1 )
{
#if defined(POLARSSL_MEMORY_DEBUG)
fprintf( stderr, "FATAL: MAGIC1 mismatch\n" );
polarssl_fprintf( stderr, "FATAL: MAGIC1 mismatch\n" );
#endif
return( 1 );
}
@ -143,7 +159,7 @@ static int verify_header( memory_header *hdr )
if( hdr->magic2 != MAGIC2 )
{
#if defined(POLARSSL_MEMORY_DEBUG)
fprintf( stderr, "FATAL: MAGIC2 mismatch\n" );
polarssl_fprintf( stderr, "FATAL: MAGIC2 mismatch\n" );
#endif
return( 1 );
}
@ -151,7 +167,7 @@ static int verify_header( memory_header *hdr )
if( hdr->alloc > 1 )
{
#if defined(POLARSSL_MEMORY_DEBUG)
fprintf( stderr, "FATAL: alloc has illegal value\n" );
polarssl_fprintf( stderr, "FATAL: alloc has illegal value\n" );
#endif
return( 1 );
}
@ -159,7 +175,7 @@ static int verify_header( memory_header *hdr )
if( hdr->prev != NULL && hdr->prev == hdr->next )
{
#if defined(POLARSSL_MEMORY_DEBUG)
fprintf( stderr, "FATAL: prev == next\n" );
polarssl_fprintf( stderr, "FATAL: prev == next\n" );
#endif
return( 1 );
}
@ -167,7 +183,7 @@ static int verify_header( memory_header *hdr )
if( hdr->prev_free != NULL && hdr->prev_free == hdr->next_free )
{
#if defined(POLARSSL_MEMORY_DEBUG)
fprintf( stderr, "FATAL: prev_free == next_free\n" );
polarssl_fprintf( stderr, "FATAL: prev_free == next_free\n" );
#endif
return( 1 );
}
@ -182,7 +198,8 @@ static int verify_chain()
if( verify_header( heap.first ) != 0 )
{
#if defined(POLARSSL_MEMORY_DEBUG)
fprintf( stderr, "FATAL: verification of first header failed\n" );
polarssl_fprintf( stderr, "FATAL: verification of first header "
"failed\n" );
#endif
return( 1 );
}
@ -190,7 +207,8 @@ static int verify_chain()
if( heap.first->prev != NULL )
{
#if defined(POLARSSL_MEMORY_DEBUG)
fprintf( stderr, "FATAL: verification failed: first->prev != NULL\n" );
polarssl_fprintf( stderr, "FATAL: verification failed: "
"first->prev != NULL\n" );
#endif
return( 1 );
}
@ -200,7 +218,8 @@ static int verify_chain()
if( verify_header( cur ) != 0 )
{
#if defined(POLARSSL_MEMORY_DEBUG)
fprintf( stderr, "FATAL: verification of header failed\n" );
polarssl_fprintf( stderr, "FATAL: verification of header "
"failed\n" );
#endif
return( 1 );
}
@ -208,7 +227,8 @@ static int verify_chain()
if( cur->prev != prv )
{
#if defined(POLARSSL_MEMORY_DEBUG)
fprintf( stderr, "FATAL: verification failed: cur->prev != prv\n" );
polarssl_fprintf( stderr, "FATAL: verification failed: "
"cur->prev != prv\n" );
#endif
return( 1 );
}
@ -254,7 +274,8 @@ static void *buffer_alloc_malloc( size_t len )
if( cur->alloc != 0 )
{
#if defined(POLARSSL_MEMORY_DEBUG)
fprintf( stderr, "FATAL: block in free_list but allocated data\n" );
polarssl_fprintf( stderr, "FATAL: block in free_list but allocated "
"data\n" );
#endif
exit( 1 );
}
@ -265,7 +286,8 @@ static void *buffer_alloc_malloc( size_t len )
// Found location, split block if > memory_header + 4 room left
//
if( cur->size - len < sizeof(memory_header) + POLARSSL_MEMORY_ALIGN_MULTIPLE )
if( cur->size - len < sizeof(memory_header) +
POLARSSL_MEMORY_ALIGN_MULTIPLE )
{
cur->alloc = 1;
@ -284,7 +306,7 @@ static void *buffer_alloc_malloc( size_t len )
#if defined(POLARSSL_MEMORY_DEBUG)
heap.total_used += cur->size;
if( heap.total_used > heap.maximum_used)
if( heap.total_used > heap.maximum_used )
heap.maximum_used = heap.total_used;
#endif
#if defined(POLARSSL_MEMORY_BACKTRACE)
@ -296,7 +318,7 @@ static void *buffer_alloc_malloc( size_t len )
if( ( heap.verify & MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 )
exit( 1 );
return ( (unsigned char *) cur ) + sizeof(memory_header);
return( ( (unsigned char *) cur ) + sizeof(memory_header) );
}
p = ( (unsigned char *) cur ) + sizeof(memory_header) + len;
@ -339,7 +361,7 @@ static void *buffer_alloc_malloc( size_t len )
if( heap.header_count > heap.maximum_header_count )
heap.maximum_header_count = heap.header_count;
heap.total_used += cur->size;
if( heap.total_used > heap.maximum_used)
if( heap.total_used > heap.maximum_used )
heap.maximum_used = heap.total_used;
#endif
#if defined(POLARSSL_MEMORY_BACKTRACE)
@ -351,7 +373,7 @@ static void *buffer_alloc_malloc( size_t len )
if( ( heap.verify & MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 )
exit( 1 );
return ( (unsigned char *) cur ) + sizeof(memory_header);
return( ( (unsigned char *) cur ) + sizeof(memory_header) );
}
static void buffer_alloc_free( void *ptr )
@ -365,7 +387,8 @@ static void buffer_alloc_free( void *ptr )
if( p < heap.buf || p > heap.buf + heap.len )
{
#if defined(POLARSSL_MEMORY_DEBUG)
fprintf( stderr, "FATAL: polarssl_free() outside of managed space\n" );
polarssl_fprintf( stderr, "FATAL: polarssl_free() outside of managed "
"space\n" );
#endif
exit( 1 );
}
@ -379,7 +402,8 @@ static void buffer_alloc_free( void *ptr )
if( hdr->alloc != 1 )
{
#if defined(POLARSSL_MEMORY_DEBUG)
fprintf( stderr, "FATAL: polarssl_free() on unallocated data\n" );
polarssl_fprintf( stderr, "FATAL: polarssl_free() on unallocated "
"data\n" );
#endif
exit( 1 );
}
@ -486,8 +510,9 @@ int memory_buffer_alloc_verify()
#if defined(POLARSSL_MEMORY_DEBUG)
void memory_buffer_alloc_status()
{
fprintf( stderr,
"Current use: %u blocks / %u bytes, max: %u blocks / %u bytes (total %u bytes), malloc / free: %u / %u\n",
polarssl_fprintf( stderr,
"Current use: %u blocks / %u bytes, max: %u blocks / "
"%u bytes (total %u bytes), malloc / free: %u / %u\n",
heap.header_count, heap.total_used,
heap.maximum_header_count, heap.maximum_used,
heap.maximum_header_count * sizeof( memory_header )
@ -495,14 +520,14 @@ void memory_buffer_alloc_status()
heap.malloc_count, heap.free_count );
if( heap.first->next == NULL )
fprintf( stderr, "All memory de-allocated in stack buffer\n" );
polarssl_fprintf( stderr, "All memory de-allocated in stack buffer\n" );
else
{
fprintf( stderr, "Memory currently allocated:\n" );
polarssl_fprintf( stderr, "Memory currently allocated:\n" );
debug_chain();
}
}
#endif /* POLARSSL_MEMORY_BUFFER_ALLOC_DEBUG */
#endif /* POLARSSL_MEMORY_DEBUG */
#if defined(POLARSSL_THREADING_C)
static void *buffer_alloc_malloc_mutexed( size_t len )
@ -520,7 +545,7 @@ static void buffer_alloc_free_mutexed( void *ptr )
buffer_alloc_free( ptr );
polarssl_mutex_unlock( &heap.mutex );
}
#endif
#endif /* POLARSSL_THREADING_C */
int memory_buffer_alloc_init( unsigned char *buf, size_t len )
{
@ -529,13 +554,19 @@ int memory_buffer_alloc_init( unsigned char *buf, size_t len )
#if defined(POLARSSL_THREADING_C)
polarssl_mutex_init( &heap.mutex );
polarssl_malloc = buffer_alloc_malloc_mutexed;
polarssl_free = buffer_alloc_free_mutexed;
platform_set_malloc_free( buffer_alloc_malloc_mutexed,
buffer_alloc_free_mutexed );
#else
polarssl_malloc = buffer_alloc_malloc;
polarssl_free = buffer_alloc_free;
platform_set_malloc_free( buffer_alloc_malloc, buffer_alloc_free );
#endif
if( (size_t) buf % POLARSSL_MEMORY_ALIGN_MULTIPLE )
{
buf += POLARSSL_MEMORY_ALIGN_MULTIPLE
- (size_t) buf % POLARSSL_MEMORY_ALIGN_MULTIPLE;
len -= (size_t) buf % POLARSSL_MEMORY_ALIGN_MULTIPLE;
}
heap.buf = buf;
heap.len = len;
@ -552,7 +583,7 @@ void memory_buffer_alloc_free()
#if defined(POLARSSL_THREADING_C)
polarssl_mutex_free( &heap.mutex );
#endif
memset( &heap, 0, sizeof(buffer_alloc_ctx) );
polarssl_zeroize( &heap, sizeof(buffer_alloc_ctx) );
}
#endif /* POLARSSL_MEMORY_C && POLARSSL_MEMORY_BUFFER_ALLOC_C */
#endif /* POLARSSL_MEMORY_BUFFER_ALLOC_C */
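Review bot: In memory_buffer_alloc_init the alignment fix-up subtracts the wrong amount from len: by the time `len -= (size_t) buf % POLARSSL_MEMORY_ALIGN_MULTIPLE;` runs, buf has already been advanced to an aligned address, so the modulo is 0 and len is left unchanged while the usable region shrank by up to ALIGN-1 bytes, leaving the allocator believing it owns bytes past the end of the caller's buffer. Compute the adjustment once and apply it to both sides: `size_t adjust = POLARSSL_MEMORY_ALIGN_MULTIPLE - (size_t) buf % POLARSSL_MEMORY_ALIGN_MULTIPLE;` then `buf += adjust;` and `len -= adjust;`, rejecting `len < adjust` beforehand since len is a size_t. memory_buffer_alloc_init continues outside the hunk. Separately, the rewritten debug_header calls still print size_t values with `%u`, which is a format/argument mismatch on 64-bit targets; `%zu` would match the arguments.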


@ -1,7 +1,7 @@
/*
* TCP networking functions
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -23,7 +23,11 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_NET_C)
@ -33,6 +37,10 @@
!defined(EFI32)
#if defined(POLARSSL_HAVE_IPV6)
#ifdef _WIN32_WINNT
#undef _WIN32_WINNT
#endif
/* Enables getaddrinfo() & Co */
#define _WIN32_WINNT 0x0501
#include <ws2tcpip.h>
#endif
@ -54,7 +62,7 @@
static int wsa_init_done = 0;
#else
#else /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
#include <sys/types.h>
#include <sys/socket.h>
@ -70,7 +78,7 @@ static int wsa_init_done = 0;
#include <errno.h>
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || \
defined(__DragonflyBSD__)
defined(__DragonFly__)
#include <sys/endian.h>
#elif defined(__APPLE__) || defined(HAVE_MACHINE_ENDIAN_H) || \
defined(EFIX64) || defined(EFI32)
@ -83,7 +91,7 @@ static int wsa_init_done = 0;
#include <endian.h>
#endif
#endif
#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
#include <stdlib.h>
#include <stdio.h>
@ -106,10 +114,11 @@ typedef UINT32 uint32_t;
/*
* htons() is not always available.
* By default go for LITTLE_ENDIAN variant. Otherwise hope for _BYTE_ORDER and __BIG_ENDIAN
* to help determine endianness.
* By default go for LITTLE_ENDIAN variant. Otherwise hope for _BYTE_ORDER and
* __BIG_ENDIAN to help determine endianness.
*/
#if defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && __BYTE_ORDER == __BIG_ENDIAN
#if defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \
__BYTE_ORDER == __BIG_ENDIAN
#define POLARSSL_HTONS(n) (n)
#define POLARSSL_HTONL(n) (n)
#else
@ -121,8 +130,8 @@ typedef UINT32 uint32_t;
(((unsigned long )(n) & 0xFF000000) >> 24))
#endif
unsigned short net_htons(unsigned short n);
unsigned long net_htonl(unsigned long n);
unsigned short net_htons( unsigned short n );
unsigned long net_htonl( unsigned long n );
#define net_htons(n) POLARSSL_HTONS(n)
#define net_htonl(n) POLARSSL_HTONL(n)
@ -137,7 +146,7 @@ static int net_prepare( void )
if( wsa_init_done == 0 )
{
if( WSAStartup( MAKEWORD(2,0), &wsaData ) == SOCKET_ERROR )
if( WSAStartup( MAKEWORD(2,0), &wsaData ) != 0 )
return( POLARSSL_ERR_NET_SOCKET_FAILED );
wsa_init_done = 1;
@ -277,8 +286,13 @@ int net_bind( int *fd, const char *bind_ip, int port )
}
n = 1;
setsockopt( *fd, SOL_SOCKET, SO_REUSEADDR,
(const char *) &n, sizeof( n ) );
if( setsockopt( *fd, SOL_SOCKET, SO_REUSEADDR,
(const char *) &n, sizeof( n ) ) != 0 )
{
close( *fd );
ret = POLARSSL_ERR_NET_SOCKET_FAILED;
continue;
}
if( bind( *fd, cur->ai_addr, cur->ai_addrlen ) != 0 )
{
@ -365,6 +379,7 @@ int net_bind( int *fd, const char *bind_ip, int port )
*/
static int net_would_block( int fd )
{
((void) fd);
return( WSAGetLastError() == WSAEWOULDBLOCK );
}
#else
@ -394,7 +409,7 @@ static int net_would_block( int fd )
}
return( 0 );
}
#endif
#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
/*
* Accept a connection from a remote client
@ -558,4 +573,4 @@ void net_close( int fd )
close( fd );
}
#endif
#endif /* POLARSSL_NET_C */


@ -3,7 +3,7 @@
*
* \brief Object Identifier (OID) database
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -25,7 +25,11 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_OID_C)
@ -72,7 +76,7 @@ static const TYPE_T * oid_ ## NAME ## _from_asn1( const asn1_buf *oid ) \
int FN_NAME( const asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \
{ \
const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
if( data == NULL ) return ( POLARSSL_ERR_OID_NOT_FOUND ); \
if( data == NULL ) return( POLARSSL_ERR_OID_NOT_FOUND ); \
*ATTR1 = data->descriptor.ATTR1; \
return( 0 ); \
}
@ -85,7 +89,7 @@ int FN_NAME( const asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \
int FN_NAME( const asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \
{ \
const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
if( data == NULL ) return ( POLARSSL_ERR_OID_NOT_FOUND ); \
if( data == NULL ) return( POLARSSL_ERR_OID_NOT_FOUND ); \
*ATTR1 = data->ATTR1; \
return( 0 ); \
}
@ -99,7 +103,7 @@ int FN_NAME( const asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \
int FN_NAME( const asn1_buf *oid, ATTR1_TYPE * ATTR1, ATTR2_TYPE * ATTR2 ) \
{ \
const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
if( data == NULL ) return ( POLARSSL_ERR_OID_NOT_FOUND ); \
if( data == NULL ) return( POLARSSL_ERR_OID_NOT_FOUND ); \
*ATTR1 = data->ATTR1; \
*ATTR2 = data->ATTR2; \
return( 0 ); \
@ -195,6 +199,38 @@ static const oid_x520_attr_t oid_x520_attr_type[] =
{ ADD_LEN( OID_AT_POSTAL_CODE ), "id-at-postalCode", "Postal code" },
"postalCode",
},
{
{ ADD_LEN( OID_AT_SUR_NAME ), "id-at-surName", "Surname" },
"SN",
},
{
{ ADD_LEN( OID_AT_GIVEN_NAME ), "id-at-givenName", "Given name" },
"GN",
},
{
{ ADD_LEN( OID_AT_INITIALS ), "id-at-initials", "Initials" },
"initials",
},
{
{ ADD_LEN( OID_AT_GENERATION_QUALIFIER ), "id-at-generationQualifier", "Generation qualifier" },
"generationQualifier",
},
{
{ ADD_LEN( OID_AT_TITLE ), "id-at-title", "Title" },
"title",
},
{
{ ADD_LEN( OID_AT_DN_QUALIFIER ),"id-at-dnQualifier", "Distinguished Name qualifier" },
"dnQualifier",
},
{
{ ADD_LEN( OID_AT_PSEUDONYM ), "id-at-pseudonym", "Pseudonym" },
"pseudonym",
},
{
{ ADD_LEN( OID_DOMAIN_COMPONENT ), "id-domainComponent", "Domain component" },
"DC",
},
{
{ NULL, 0, NULL, NULL },
NULL,
@ -327,6 +363,10 @@ static const oid_sig_alg_t oid_sig_alg[] =
{ ADD_LEN( OID_ECDSA_SHA512 ), "ecdsa-with-SHA512", "ECDSA with SHA512" },
POLARSSL_MD_SHA512, POLARSSL_PK_ECDSA,
},
{
{ ADD_LEN( OID_RSASSA_PSS ), "RSASSA-PSS", "RSASSA-PSS" },
POLARSSL_MD_NONE, POLARSSL_PK_RSASSA_PSS,
},
{
{ NULL, 0, NULL, NULL },
0, 0,
@ -493,10 +533,6 @@ static const oid_md_alg_t oid_md_alg[] =
{ ADD_LEN( OID_DIGEST_ALG_SHA1 ), "id-sha1", "SHA-1" },
POLARSSL_MD_SHA1,
},
{
{ ADD_LEN( OID_DIGEST_ALG_SHA1 ), "id-sha1", "SHA-1" },
POLARSSL_MD_SHA1,
},
{
{ ADD_LEN( OID_DIGEST_ALG_SHA224 ), "id-sha224", "SHA-224" },
POLARSSL_MD_SHA224,
@ -569,7 +605,7 @@ FN_OID_GET_ATTR2(oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, m
* This fuction tries to 'fix' this by at least suggesting enlarging the
* size by 20.
*/
static int compat_snprintf(char *str, size_t size, const char *format, ...)
static int compat_snprintf( char *str, size_t size, const char *format, ... )
{
va_list ap;
int res = -1;
@ -581,25 +617,23 @@ static int compat_snprintf(char *str, size_t size, const char *format, ...)
va_end( ap );
// No quick fix possible
if ( res < 0 )
if( res < 0 )
return( (int) size + 20 );
return res;
return( res );
}
#define snprintf compat_snprintf
#endif
#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
#endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */
#define SAFE_SNPRINTF() \
{ \
if( ret == -1 ) \
return( -1 ); \
return( POLARSSL_ERR_OID_BUF_TOO_SMALL ); \
\
if ( (unsigned int) ret > n ) { \
if( (unsigned int) ret >= n ) { \
p[n - 1] = '\0'; \
return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
return( POLARSSL_ERR_OID_BUF_TOO_SMALL ); \
} \
\
n -= (unsigned int) ret; \
@ -629,8 +663,8 @@ int oid_get_numeric_string( char *buf, size_t size,
for( i = 1; i < oid->len; i++ )
{
/* Prevent overflow in value. */
if ( ( ( value << 7 ) >> 7 ) != value )
return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
if( ( ( value << 7 ) >> 7 ) != value )
return( POLARSSL_ERR_OID_BUF_TOO_SMALL );
value <<= 7;
value += oid->p[i] & 0x7F;
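Review bot: The rewritten SAFE_SNPRINTF still tests only `ret == -1` before casting ret to unsigned, so any other negative return from snprintf is converted to a large unsigned value, takes the `>= n` branch and is reported as a truncation after writing `p[n - 1]`; `if( ret < 0 )` covers every error return. In oid_get_numeric_string the arc-overflow check `( ( value << 7 ) >> 7 ) != value` now returns POLARSSL_ERR_OID_BUF_TOO_SMALL, which describes the output buffer rather than an oversized OID component; if no dedicated code exists, a comment such as `/* arc does not fit in value; no closer error code available */` would keep callers from misdiagnosing it. oid_get_numeric_string begins and continues outside the hunk.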


@ -1,7 +1,7 @@
/*
* VIA PadLock support functions
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -29,7 +29,11 @@
* programming_guide.pdf
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_PADLOCK_C)
@ -47,17 +51,17 @@ int padlock_supports( int feature )
if( flags == -1 )
{
asm( "movl %%ebx, %0 \n" \
"movl $0xC0000000, %%eax \n" \
"cpuid \n" \
"cmpl $0xC0000001, %%eax \n" \
"movl $0, %%edx \n" \
"jb unsupported \n" \
"movl $0xC0000001, %%eax \n" \
"cpuid \n" \
"unsupported: \n" \
"movl %%edx, %1 \n" \
"movl %2, %%ebx \n"
asm( "movl %%ebx, %0 \n\t"
"movl $0xC0000000, %%eax \n\t"
"cpuid \n\t"
"cmpl $0xC0000001, %%eax \n\t"
"movl $0, %%edx \n\t"
"jb unsupported \n\t"
"movl $0xC0000001, %%eax \n\t"
"cpuid \n\t"
"unsupported: \n\t"
"movl %%edx, %1 \n\t"
"movl %2, %%ebx \n\t"
: "=m" (ebx), "=m" (edx)
: "m" (ebx)
: "eax", "ecx", "edx" );
@ -89,15 +93,16 @@ int padlock_xcryptecb( aes_context *ctx,
ctrl = blk + 4;
*ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode^1 ) - 10 ) << 9 );
asm( "pushfl; popfl \n" \
"movl %%ebx, %0 \n" \
"movl $1, %%ecx \n" \
"movl %2, %%edx \n" \
"movl %3, %%ebx \n" \
"movl %4, %%esi \n" \
"movl %4, %%edi \n" \
".byte 0xf3,0x0f,0xa7,0xc8\n" \
"movl %1, %%ebx \n"
asm( "pushfl \n\t"
"popfl \n\t"
"movl %%ebx, %0 \n\t"
"movl $1, %%ecx \n\t"
"movl %2, %%edx \n\t"
"movl %3, %%ebx \n\t"
"movl %4, %%esi \n\t"
"movl %4, %%edi \n\t"
".byte 0xf3,0x0f,0xa7,0xc8 \n\t"
"movl %1, %%ebx \n\t"
: "=m" (ebx)
: "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk)
: "ecx", "edx", "esi", "edi" );
@ -133,20 +138,21 @@ int padlock_xcryptcbc( aes_context *ctx,
memcpy( iw, iv, 16 );
ctrl = iw + 4;
*ctrl = 0x80 | ctx->nr | ( ( ctx->nr + (mode^1) - 10 ) << 9 );
*ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode ^ 1 ) - 10 ) << 9 );
count = (length + 15) >> 4;
count = ( length + 15 ) >> 4;
asm( "pushfl; popfl \n" \
"movl %%ebx, %0 \n" \
"movl %2, %%ecx \n" \
"movl %3, %%edx \n" \
"movl %4, %%ebx \n" \
"movl %5, %%esi \n" \
"movl %6, %%edi \n" \
"movl %7, %%eax \n" \
".byte 0xf3,0x0f,0xa7,0xd0\n" \
"movl %1, %%ebx \n"
asm( "pushfl \n\t"
"popfl \n\t"
"movl %%ebx, %0 \n\t"
"movl %2, %%ecx \n\t"
"movl %3, %%edx \n\t"
"movl %4, %%ebx \n\t"
"movl %5, %%esi \n\t"
"movl %6, %%edi \n\t"
"movl %7, %%eax \n\t"
".byte 0xf3,0x0f,0xa7,0xd0 \n\t"
"movl %1, %%ebx \n\t"
: "=m" (ebx)
: "m" (ebx), "m" (count), "m" (ctrl),
"m" (rk), "m" (input), "m" (output), "m" (iw)
@ -157,6 +163,6 @@ int padlock_xcryptcbc( aes_context *ctx,
return( 0 );
}
#endif
#endif /* POLARSSL_HAVE_X86 */
#endif
#endif /* POLARSSL_PADLOCK_C */
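Review bot: The rewritten padlock_supports asm keeps the global assembler label `unsupported:` with `jb unsupported`; if the compiler ever emits this asm statement more than once in the translation unit (inlining or function cloning), the assembler rejects the duplicate symbol. A local label avoids that: `"jb 1f \n\t"` paired with `"1: \n\t"`. In padlock_xcryptecb and padlock_xcryptcbc the XCRYPT sequences write through %edi into buffers the compiler only sees as `"m"` inputs holding pointers, not as the pointed-to data, so a `"memory"` clobber on those statements would be the conservative choice — hedged, since whether the surrounding code already forces a reload is outside the hunk.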


@ -6,7 +6,7 @@
*
* \author Mathias Olsson <mathias@kompetensum.com>
*
* Copyright (C) 2006-2012, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -34,7 +34,11 @@
* http://tools.ietf.org/html/rfc6070 (Test vectors)
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_PBKDF2_C)


@ -1,7 +1,7 @@
/*
* Privacy Enhanced Mail (PEM) decoding
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -23,7 +23,11 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_PEM_PARSE_C) || defined(POLARSSL_PEM_WRITE_C)
#include "polarssl/pem.h"
@ -33,8 +37,8 @@
#include "polarssl/md5.h"
#include "polarssl/cipher.h"
#if defined(POLARSSL_MEMORY_C)
#include "polarssl/memory.h"
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_malloc malloc
#define polarssl_free free
@ -42,6 +46,11 @@
#include <stdlib.h>
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#if defined(POLARSSL_PEM_PARSE_C)
void pem_init( pem_context *ctx )
{
@ -53,7 +62,8 @@ void pem_init( pem_context *ctx )
/*
* Read a 16-byte hex string and convert it to binary
*/
static int pem_get_iv( const unsigned char *s, unsigned char *iv, size_t iv_len )
static int pem_get_iv( const unsigned char *s, unsigned char *iv,
size_t iv_len )
{
size_t i, j, k;
@ -82,6 +92,8 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen,
unsigned char md5sum[16];
size_t use_len;
md5_init( &md5_ctx );
/*
* key[ 0..15] = MD5(pwd || IV)
*/
@ -94,8 +106,8 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen,
{
memcpy( key, md5sum, keylen );
memset( &md5_ctx, 0, sizeof( md5_ctx ) );
memset( md5sum, 0, 16 );
md5_free( &md5_ctx );
polarssl_zeroize( md5sum, 16 );
return;
}
@ -116,8 +128,8 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen,
memcpy( key + 16, md5sum, use_len );
memset( &md5_ctx, 0, sizeof( md5_ctx ) );
memset( md5sum, 0, 16 );
md5_free( &md5_ctx );
polarssl_zeroize( md5sum, 16 );
}
#if defined(POLARSSL_DES_C)
@ -131,14 +143,16 @@ static void pem_des_decrypt( unsigned char des_iv[8],
des_context des_ctx;
unsigned char des_key[8];
des_init( &des_ctx );
pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
des_setkey_dec( &des_ctx, des_key );
des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen,
des_iv, buf, buf );
memset( &des_ctx, 0, sizeof( des_ctx ) );
memset( des_key, 0, 8 );
des_free( &des_ctx );
polarssl_zeroize( des_key, 8 );
}
/*
@ -151,14 +165,16 @@ static void pem_des3_decrypt( unsigned char des3_iv[8],
des3_context des3_ctx;
unsigned char des3_key[24];
des3_init( &des3_ctx );
pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
des3_set3key_dec( &des3_ctx, des3_key );
des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen,
des3_iv, buf, buf );
memset( &des3_ctx, 0, sizeof( des3_ctx ) );
memset( des3_key, 0, 24 );
des3_free( &des3_ctx );
polarssl_zeroize( des3_key, 24 );
}
#endif /* POLARSSL_DES_C */
@ -173,14 +189,16 @@ static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
aes_context aes_ctx;
unsigned char aes_key[32];
aes_init( &aes_ctx );
pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 );
aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen,
aes_iv, buf, buf );
memset( &aes_ctx, 0, sizeof( aes_ctx ) );
memset( aes_key, 0, keylen );
aes_free( &aes_ctx );
polarssl_zeroize( aes_key, keylen );
}
#endif /* POLARSSL_AES_C */
@ -365,13 +383,10 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
void pem_free( pem_context *ctx )
{
if( ctx->buf )
polarssl_free( ctx->buf );
if( ctx->info )
polarssl_free( ctx->info );
memset( ctx, 0, sizeof( pem_context ) );
polarssl_zeroize( ctx, sizeof( pem_context ) );
}
#endif /* POLARSSL_PEM_PARSE_C */
@ -382,10 +397,11 @@ int pem_write_buffer( const char *header, const char *footer,
{
int ret;
unsigned char *encode_buf, *c, *p = buf;
size_t len = 0, use_len = 0;
size_t add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
size_t len = 0, use_len = 0, add_len = 0;
base64_encode( NULL, &use_len, der_data, der_len );
add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
if( use_len + add_len > buf_len )
{
*olen = use_len + add_len;
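Review bot: pem_free now calls `polarssl_free( ctx->buf )` and `polarssl_free( ctx->info )` without the former NULL checks, so it relies on the configured allocator hook accepting a NULL pointer; the standard `free` does, but polarssl_free is a replaceable hook (the `#else` branch maps it to `free` only when POLARSSL_PLATFORM_C is off), so a comment such as `/* polarssl_free() must accept NULL, like free() */` would record the new contract, or the checks could stay. The `polarssl_zeroize` helper added here is a verbatim copy of the one added to memory_buffer_alloc.c and pk.c in this same commit; a shared internal header would keep the three definitions from drifting apart.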


@ -1,7 +1,7 @@
/*
* Public Key abstraction layer
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -23,7 +23,11 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_PK_C)
@ -40,6 +44,11 @@
#include "polarssl/ecdsa.h"
#endif
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
/*
* Initialise a pk_context
*/
@ -57,13 +66,12 @@ void pk_init( pk_context *ctx )
*/
void pk_free( pk_context *ctx )
{
if( ctx == NULL || ctx->pk_info == NULL)
if( ctx == NULL || ctx->pk_info == NULL )
return;
ctx->pk_info->ctx_free_func( ctx->pk_ctx );
ctx->pk_ctx = NULL;
ctx->pk_info = NULL;
polarssl_zeroize( ctx, sizeof( pk_context ) );
}
/*
@ -74,21 +82,21 @@ const pk_info_t * pk_info_from_type( pk_type_t pk_type )
switch( pk_type ) {
#if defined(POLARSSL_RSA_C)
case POLARSSL_PK_RSA:
return &rsa_info;
return( &rsa_info );
#endif
#if defined(POLARSSL_ECP_C)
case POLARSSL_PK_ECKEY:
return &eckey_info;
return( &eckey_info );
case POLARSSL_PK_ECKEY_DH:
return &eckeydh_info;
return( &eckeydh_info );
#endif
#if defined(POLARSSL_ECDSA_C)
case POLARSSL_PK_ECDSA:
return &ecdsa_info;
return( &ecdsa_info );
#endif
/* POLARSSL_PK_RSA_ALT ommited on purpose */
/* POLARSSL_PK_RSA_ALT omitted on purpose */
default:
return NULL;
return( NULL );
}
}
@ -184,6 +192,59 @@ int pk_verify( pk_context *ctx, md_type_t md_alg,
sig, sig_len ) );
}
/*
* Verify a signature with options
*/
int pk_verify_ext( pk_type_t type, const void *options,
pk_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
if( ctx == NULL || ctx->pk_info == NULL )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
if( ! pk_can_do( ctx, type ) )
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
if( type == POLARSSL_PK_RSASSA_PSS )
{
#if defined(POLARSSL_RSA_C) && defined(POLARSSL_PKCS1_V21)
int ret;
const pk_rsassa_pss_options *pss_opts;
if( options == NULL )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
pss_opts = (const pk_rsassa_pss_options *) options;
if( sig_len < pk_get_len( ctx ) )
return( POLARSSL_ERR_RSA_VERIFY_FAILED );
ret = rsa_rsassa_pss_verify_ext( pk_rsa( *ctx ),
NULL, NULL, RSA_PUBLIC,
md_alg, hash_len, hash,
pss_opts->mgf1_hash_id,
pss_opts->expected_salt_len,
sig );
if( ret != 0 )
return( ret );
if( sig_len > pk_get_len( ctx ) )
return( POLARSSL_ERR_PK_SIG_LEN_MISMATCH );
return( 0 );
#else
return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
#endif
}
/* General case: no options */
if( options != NULL )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
return( pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
}
/*
* Make a signature
*/
@ -258,6 +319,9 @@ int pk_debug( const pk_context *ctx, pk_debug_item *items )
if( ctx == NULL || ctx->pk_info == NULL )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->debug_func == NULL )
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
ctx->pk_info->debug_func( ctx->pk_ctx, items );
return( 0 );
}
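Review bot: In pk_verify_ext the `hash_len` argument is handed to rsa_rsassa_pss_verify_ext as a `size_t`, whereas the sibling wrapper rsa_verify_wrap in pk_wrap.c narrows the same value explicitly with `(unsigned int) hash_len`; if the rsa_ routine takes `unsigned int` as that cast suggests, this call relies on an implicit narrowing and should be written the same way, `md_alg, (unsigned int) hash_len, hash,`. The header comment "Verify a signature with options" also leaves the length contract undocumented: an oversized signature is verified on its leading pk_get_len( ctx ) bytes first and the trailing bytes only become POLARSSL_ERR_PK_SIG_LEN_MISMATCH after the verification succeeds, which matters to any caller that maps that error to something other than failure. A sentence in the function comment along the lines of `/* If sig_len > pk_get_len( ctx ), the signature is verified first and SIG_LEN_MISMATCH is returned only on success, so callers can detect trailing data. */` would make the ordering visibly deliberate.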


@ -1,7 +1,7 @@
/*
* Public Key abstraction layer: wrapper functions
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -23,7 +23,11 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_PK_C)
@ -40,21 +44,26 @@
#include "polarssl/ecdsa.h"
#endif
#if defined(POLARSSL_MEMORY_C)
#include "polarssl/memory.h"
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#include <stdlib.h>
#define polarssl_malloc malloc
#define polarssl_free free
#endif
/* Used by RSA-alt too */
static int rsa_can_do( pk_type_t type )
{
return( type == POLARSSL_PK_RSA );
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#if defined(POLARSSL_RSA_C)
static int rsa_can_do( pk_type_t type )
{
return( type == POLARSSL_PK_RSA ||
type == POLARSSL_PK_RSASSA_PSS );
}
static size_t rsa_get_size( const void *ctx )
{
return( 8 * ((const rsa_context *) ctx)->len );
@ -64,11 +73,20 @@ static int rsa_verify_wrap( void *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
if( sig_len != ((rsa_context *) ctx)->len )
int ret;
if( sig_len < ((rsa_context *) ctx)->len )
return( POLARSSL_ERR_RSA_VERIFY_FAILED );
return( rsa_pkcs1_verify( (rsa_context *) ctx, NULL, NULL,
RSA_PUBLIC, md_alg, (unsigned int) hash_len, hash, sig ) );
if( ( ret = rsa_pkcs1_verify( (rsa_context *) ctx, NULL, NULL,
RSA_PUBLIC, md_alg,
(unsigned int) hash_len, hash, sig ) ) != 0 )
return( ret );
if( sig_len > ((rsa_context *) ctx)->len )
return( POLARSSL_ERR_PK_SIG_LEN_MISMATCH );
return( 0 );
}
static int rsa_sign_wrap( void *ctx, md_type_t md_alg,
@ -114,7 +132,7 @@ static void *rsa_alloc_wrap( void )
if( ctx != NULL )
rsa_init( (rsa_context *) ctx, 0, 0 );
return ctx;
return( ctx );
}
static void rsa_free_wrap( void *ctx )
@ -259,7 +277,7 @@ const pk_info_t eckey_info = {
};
/*
* EC key resticted to ECDH
* EC key restricted to ECDH
*/
static int eckeydh_can_do( pk_type_t type )
{
@ -292,10 +310,16 @@ static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
int ret;
((void) md_alg);
return( ecdsa_read_signature( (ecdsa_context *) ctx,
hash, hash_len, sig, sig_len ) );
ret = ecdsa_read_signature( (ecdsa_context *) ctx,
hash, hash_len, sig, sig_len );
if( ret == POLARSSL_ERR_ECP_SIG_LEN_MISMATCH )
return( POLARSSL_ERR_PK_SIG_LEN_MISMATCH );
return( ret );
}
static int ecdsa_sign_wrap( void *ctx, md_type_t md_alg,
@ -315,7 +339,7 @@ static int ecdsa_sign_wrap( void *ctx, md_type_t md_alg,
return( ecdsa_write_signature( (ecdsa_context *) ctx,
hash, hash_len, sig, sig_len, f_rng, p_rng ) );
#endif
#endif /* POLARSSL_ECDSA_DETERMINISTIC */
}
static void *ecdsa_alloc_wrap( void )
@ -353,11 +377,16 @@ const pk_info_t ecdsa_info = {
* Support for alternative RSA-private implementations
*/
static int rsa_alt_can_do( pk_type_t type )
{
return( type == POLARSSL_PK_RSA );
}
static size_t rsa_alt_get_size( const void *ctx )
{
const rsa_alt_context *rsa_alt = (const rsa_alt_context *) ctx;
return( rsa_alt->key_len_func( rsa_alt->key ) );
return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
}
static int rsa_alt_sign_wrap( void *ctx, md_type_t md_alg,
@ -397,11 +426,12 @@ static void *rsa_alt_alloc_wrap( void )
if( ctx != NULL )
memset( ctx, 0, sizeof( rsa_alt_context ) );
return ctx;
return( ctx );
}
static void rsa_alt_free_wrap( void *ctx )
{
polarssl_zeroize( ctx, sizeof( rsa_alt_context ) );
polarssl_free( ctx );
}
@ -409,7 +439,7 @@ const pk_info_t rsa_alt_info = {
POLARSSL_PK_RSA_ALT,
"RSA-alt",
rsa_alt_get_size,
rsa_can_do,
rsa_alt_can_do,
NULL,
rsa_alt_sign_wrap,
rsa_alt_decrypt_wrap,
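Review bot: rsa_verify_wrap now accepts a sig_len larger than the modulus (the check changed from `!=` to `<`), runs rsa_pkcs1_verify on the leading `len` bytes, and only afterwards returns POLARSSL_ERR_PK_SIG_LEN_MISMATCH, but nothing in the hunk records that this ordering is intentional rather than a check that drifted below the call. A one-line comment before the second length test, `/* Verify first so trailing bytes are reported as a length mismatch only for an otherwise valid signature */`, would keep a later cleanup from "fixing" it by merging the two checks. The same verify-then-report pattern is added to pk_verify_ext in pk.c in this commit and deserves the same comment there. rsa_verify_wrap's signature begins outside the hunk.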
