diff options
author | Summer Qin <summer.qin@arm.com> | 2021-07-15 18:48:43 +0800 |
---|---|---|
committer | Ken Liu <ken.liu@arm.com> | 2021-07-21 09:26:16 +0200 |
commit | eb85c7e07212903c76912f5b29b76bb72df3c17e (patch) | |
tree | 71b58bd7e042605018d582d386778fb8078ba259 | |
parent | 9347dc7fa2b46d55061778362173f4687c2238f9 (diff) | |
download | trusted-firmware-m-eb85c7e07212903c76912f5b29b76bb72df3c17e.tar.gz |
CC312: Align CC312 with mbedtls 3.0.0
Change-Id: I97de9292688e4991d7414e176c3bab96c84345cd
Signed-off-by: Summer Qin <summer.qin@arm.com>
13 files changed, 389 insertions, 441 deletions
diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/cc3x_sym/api/mbedtls_cc_sha512_t.c b/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/cc3x_sym/api/mbedtls_cc_sha512_t.c index 66585ce6c1..09d8d78a51 100644 --- a/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/cc3x_sym/api/mbedtls_cc_sha512_t.c +++ b/lib/ext/cryptocell-312-runtime/codesafe/src/crypto_api/cc3x_sym/api/mbedtls_cc_sha512_t.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2020, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -55,33 +55,33 @@ void mbedtls_sha512_t_starts( mbedtls_sha512_context *ctx, int is224 ) CC_PalAbort("mbedtls_sha512_starts: is224 must be 0 or 1"); } - ctx->total[0] = 0; - ctx->total[1] = 0; + ctx->MBEDTLS_PRIVATE(total)[0] = 0; + ctx->MBEDTLS_PRIVATE(total)[1] = 0; if( is224 == 1 ) { /* SHA-512/224 */ - ctx->state[0] = UL64(0x8C3D37C819544DA2); - ctx->state[1] = UL64(0x73E1996689DCD4D6); - ctx->state[2] = UL64(0x1DFAB7AE32FF9C82); - ctx->state[3] = UL64(0x679DD514582F9FCF); - ctx->state[4] = UL64(0x0F6D2B697BD44DA8); - ctx->state[5] = UL64(0x77E36F7304C48942); - ctx->state[6] = UL64(0x3F9D85A86A1D36C8); - ctx->state[7] = UL64(0x1112E6AD91D692A1); + ctx->MBEDTLS_PRIVATE(state)[0] = UL64(0x8C3D37C819544DA2); + ctx->MBEDTLS_PRIVATE(state)[1] = UL64(0x73E1996689DCD4D6); + ctx->MBEDTLS_PRIVATE(state)[2] = UL64(0x1DFAB7AE32FF9C82); + ctx->MBEDTLS_PRIVATE(state)[3] = UL64(0x679DD514582F9FCF); + ctx->MBEDTLS_PRIVATE(state)[4] = UL64(0x0F6D2B697BD44DA8); + ctx->MBEDTLS_PRIVATE(state)[5] = UL64(0x77E36F7304C48942); + ctx->MBEDTLS_PRIVATE(state)[6] = UL64(0x3F9D85A86A1D36C8); + ctx->MBEDTLS_PRIVATE(state)[7] = UL64(0x1112E6AD91D692A1); } else { /* SHA-512/256 */ - ctx->state[0] = UL64(0x22312194FC2BF72C); - ctx->state[1] = UL64(0x9F555FA3C84C64C2); - ctx->state[2] = UL64(0x2393B86B6F53B151); - ctx->state[3] = UL64(0x963877195940EABD); - ctx->state[4] = UL64(0x96283EE2A88EFFE3); - ctx->state[5] = UL64(0xBE5E1E2553863992); - ctx->state[6] = UL64(0x2B0199FC2C85B8AA); - ctx->state[7] = UL64(0x0EB72DDC81C52CA2); + ctx->MBEDTLS_PRIVATE(state)[0] = UL64(0x22312194FC2BF72C); + ctx->MBEDTLS_PRIVATE(state)[1] = UL64(0x9F555FA3C84C64C2); + ctx->MBEDTLS_PRIVATE(state)[2] = UL64(0x2393B86B6F53B151); + ctx->MBEDTLS_PRIVATE(state)[3] = UL64(0x963877195940EABD); + ctx->MBEDTLS_PRIVATE(state)[4] = UL64(0x96283EE2A88EFFE3); + ctx->MBEDTLS_PRIVATE(state)[5] = UL64(0xBE5E1E2553863992); + ctx->MBEDTLS_PRIVATE(state)[6] = UL64(0x2B0199FC2C85B8AA); + ctx->MBEDTLS_PRIVATE(state)[7] = UL64(0x0EB72DDC81C52CA2); } - ctx->is384 = 0; + ctx->MBEDTLS_PRIVATE(is384) = 0; } @@ -90,7 +90,7 @@ void mbedtls_sha512_t_process( mbedtls_sha512_context *ctx, const unsigned char if (ctx == NULL || data == NULL) { CC_PalAbort("mbedtls_sha512_context and data buffer cannot be NULL"); } - mbedtls_sha512_process(ctx, data); + mbedtls_internal_sha512_process(ctx, data); } /* diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cc_ecp_internal.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cc_ecp_internal.c index 8e4f3ac637..195b63c6ca 100644 --- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cc_ecp_internal.c +++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cc_ecp_internal.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -102,7 +102,7 @@ static int ecc_conv_scalar_to_mpi( uint8_t * scalar, size_t scalarSize, mbedtls_ return ret; } - X->s = 1; /*unsigned*/ + X->MBEDTLS_PRIVATE(s) = 1; /*unsigned*/ mbedtls_free(outArr); @@ -136,7 +136,7 @@ static int ecc_conv_mpi_to_scalar( const mbedtls_mpi * X, uint8_t *scalar, size_ CC_PAL_LOG_ERR("Error - failed to reverse memcpy, status = %d\n",status); return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - *scalarSize = (X->n * sizeof(mbedtls_mpi_uint)); + *scalarSize = (X->MBEDTLS_PRIVATE(n) * sizeof(mbedtls_mpi_uint)); mbedtls_free(outArr); @@ -167,7 +167,7 @@ static int ecp_mont_mul( mbedtls_ecp_point *R, } mbedtls_zeroize_internal(px, CC_EC_MONT_MOD_SIZE_IN_BYTES); - ret = ecc_conv_mpi_to_scalar(&P->X, px, &pxSize); + ret = ecc_conv_mpi_to_scalar(&P->MBEDTLS_PRIVATE(X), px, &pxSize); if (ret != 0) { return ret; @@ -193,14 +193,14 @@ static int ecp_mont_mul( mbedtls_ecp_point *R, } /* prepare the output point R*/ /* Y is not used in the result, and Z is 1*/ - ret = mbedtls_mpi_lset( &R->Z, 1 ); + ret = mbedtls_mpi_lset( &R->MBEDTLS_PRIVATE(Z), 1 ); if (ret != 0) { CC_PAL_LOG_ERR("Error - could not set R.z\n"); return MBEDTLS_ERR_ECP_ALLOC_FAILED; } - mbedtls_mpi_free(&R->Y); - ret = ecc_conv_scalar_to_mpi(resPoint, resPointSize, &R->X); + mbedtls_mpi_free(&R->MBEDTLS_PRIVATE(Y)); + ret = ecc_conv_scalar_to_mpi(resPoint, resPointSize, &R->MBEDTLS_PRIVATE(X)); if (ret != 0) { return ret; @@ -241,7 +241,7 @@ static int ecp_wrst_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, CC_PAL_LOG_ERR("Error - failed to allocate memory for temporary buffer\n"); return MBEDTLS_ERR_ECP_ALLOC_FAILED; } - ret = mbedtls_mpi_grow(&R->X, CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits)); + ret = mbedtls_mpi_grow(&R->MBEDTLS_PRIVATE(X), CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits)); if (ret != 0) { CC_PAL_LOG_ERR("Error - failed to allocate memory for R\n"); @@ -249,16 +249,16 @@ static int ecp_wrst_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, return MBEDTLS_ERR_ECP_ALLOC_FAILED; } - ret = mbedtls_mpi_grow(&R->Y, CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits)); + ret = mbedtls_mpi_grow(&R->MBEDTLS_PRIVATE(Y), CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits)); if (ret != 0) { CC_PAL_LOG_ERR("Error - failed to allocate memory for R.x\n"); mbedtls_free(tmpBuf); - mbedtls_mpi_free(&R->X); + mbedtls_mpi_free(&R->MBEDTLS_PRIVATE(X)); return MBEDTLS_ERR_ECP_ALLOC_FAILED; } - rc = PkaEcWrstScalarMult(pDomain, m->p, m->n, P->X.p, P->Y.p, R->X.p, R->Y.p, tmpBuf); + rc = PkaEcWrstScalarMult(pDomain, m->MBEDTLS_PRIVATE(p), m->MBEDTLS_PRIVATE(n), P->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p), P->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p), R->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p), R->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p), tmpBuf); mbedtls_free(tmpBuf); if (rc != CC_SUCCESS) { @@ -266,12 +266,12 @@ static int ecp_wrst_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, return error_mapping_cc_to_mbedtls_ecc(rc); } - ret = mbedtls_mpi_lset( &R->Z, 1 ); + ret = mbedtls_mpi_lset( &R->MBEDTLS_PRIVATE(Z), 1 ); if (ret != 0) { CC_PAL_LOG_ERR("Error - failed to allocate memory for R\n"); - mbedtls_mpi_free(&R->X); - mbedtls_mpi_free(&R->Y); + mbedtls_mpi_free(&R->MBEDTLS_PRIVATE(X)); + mbedtls_mpi_free(&R->MBEDTLS_PRIVATE(Y)); return MBEDTLS_ERR_ECP_ALLOC_FAILED; } return (0); @@ -298,7 +298,7 @@ int cc_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, } /* Common sanity checks */ - if( mbedtls_mpi_cmp_int( &P->Z, 1 ) != 0 ) + if( mbedtls_mpi_cmp_int( &P->MBEDTLS_PRIVATE(Z), 1 ) != 0 ) { CC_PAL_LOG_ERR("Error - trying to multiply the infinity point\n"); return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); @@ -357,7 +357,7 @@ static int ecp_mont_gen_keypair_base( if (G != NULL) /* Base point was supplied by application*/ { mbedtls_zeroize_internal(px, CC_EC_MONT_MOD_SIZE_IN_BYTES); - ret = ecc_conv_mpi_to_scalar(&G->X, px, &pxSize); + ret = ecc_conv_mpi_to_scalar(&G->MBEDTLS_PRIVATE(X), px, &pxSize); if (ret != 0) { return ret; @@ -401,14 +401,14 @@ static int ecp_mont_gen_keypair_base( } /* prepare the output point Q*/ /* Y is not used in the result, and Z is 1*/ - ret = mbedtls_mpi_lset( &Q->Z, 1 ); + ret = mbedtls_mpi_lset( &Q->MBEDTLS_PRIVATE(Z), 1 ); if (ret != 0) { CC_PAL_LOG_ERR("Error - could not set Q.z\n"); goto END; } - mbedtls_mpi_free(&Q->Y); - ret = ecc_conv_scalar_to_mpi(resPoint, resPointSize, &Q->X); + mbedtls_mpi_free(&Q->MBEDTLS_PRIVATE(Y)); + ret = ecc_conv_scalar_to_mpi(resPoint, resPointSize, &Q->MBEDTLS_PRIVATE(X)); if (ret != 0) { goto END; @@ -497,21 +497,21 @@ static int ecp_wrst_gen_keypair_base( mbedtls_ecp_group *grp, pRndContext->rndGenerateVectFunc = (CCRndGenerateVectWorkFunc_t)f_rng; pRndContext->rndState = p_rng; - ret = mbedtls_mpi_grow(&Q->X, CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits)); + ret = mbedtls_mpi_grow(&Q->MBEDTLS_PRIVATE(X), CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits)); if (ret != 0) { CC_PAL_LOG_ERR("Error - failed to allocate memory for R\n"); goto END; } - Q->X.s = 1; /*unsigned*/ + Q->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(s) = 1; /*unsigned*/ - ret = mbedtls_mpi_grow(&Q->Y, CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits)); + ret = mbedtls_mpi_grow(&Q->MBEDTLS_PRIVATE(Y), CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits)); if (ret != 0) { CC_PAL_LOG_ERR("Error - failed to allocate memory for R.x\n"); goto END; } - Q->Y.s = 1; /*unsigned*/ + Q->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(s) = 1; /*unsigned*/ ret = mbedtls_mpi_grow(d, CALC_FULL_32BIT_WORDS(pDomain->modSizeInBits)); if (ret != 0) @@ -520,11 +520,11 @@ static int ecp_wrst_gen_keypair_base( mbedtls_ecp_group *grp, goto END; } - d->s = 1; /*unsigned*/ + d->MBEDTLS_PRIVATE(s) = 1; /*unsigned*/ if (G != NULL) /* Base point was supplied by the application*/ { - rc = CC_EcpkiKeyPairGenerateBase(pRndContext, pDomain, G->X.p, G->Y.p, pUserPrivKey, pUserPublKey, pTempBuff, NULL); + rc = CC_EcpkiKeyPairGenerateBase(pRndContext, pDomain, G->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p), G->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p), pUserPrivKey, pUserPublKey, pTempBuff, NULL); } else { @@ -539,11 +539,11 @@ static int ecp_wrst_gen_keypair_base( mbedtls_ecp_group *grp, pPrivKey = (CCEcpkiPrivKey_t *)pUserPrivKey->PrivKeyDbBuff; pPublicKey = (CCEcpkiPublKey_t *)pUserPublKey->PublKeyDbBuff; - CC_PalMemCopy(d->p, pPrivKey->PrivKey, CALC_FULL_BYTES(pDomain->modSizeInBits)); - CC_PalMemCopy(Q->X.p, pPublicKey->x, CALC_FULL_BYTES(pDomain->modSizeInBits)); - CC_PalMemCopy(Q->Y.p, pPublicKey->y, CALC_FULL_BYTES(pDomain->modSizeInBits)); + CC_PalMemCopy(d->MBEDTLS_PRIVATE(p), pPrivKey->PrivKey, CALC_FULL_BYTES(pDomain->modSizeInBits)); + CC_PalMemCopy(Q->MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p), pPublicKey->x, CALC_FULL_BYTES(pDomain->modSizeInBits)); + CC_PalMemCopy(Q->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p), pPublicKey->y, CALC_FULL_BYTES(pDomain->modSizeInBits)); - ret = mbedtls_mpi_lset( &Q->Z, 1 ); + ret = mbedtls_mpi_lset( &Q->MBEDTLS_PRIVATE(Z), 1 ); if (ret != 0) { CC_PAL_LOG_ERR("Error - failed to allocate memory for R\n"); diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cmac_alt.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cmac_alt.c index 7e78950760..31430d1efd 100644 --- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cmac_alt.c +++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/cmac_alt.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2020, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -152,7 +152,7 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, const unsigned ch return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); } - ctx->cmac_ctx = cmac_ctx; + ctx->MBEDTLS_PRIVATE(cmac_ctx) = cmac_ctx; mbedtls_zeroize_internal( ((mbedtls_cmac_private_context_t*)cmac_ctx)->cmac_ctrl_ctx.state, sizeof( ((mbedtls_cmac_private_context_t*)cmac_ctx)->cmac_ctrl_ctx.state ) ); @@ -189,14 +189,14 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, const unsigned ch return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } - if( ctx == NULL || ctx->cipher_info == NULL || input == NULL || - ctx->cmac_ctx == NULL ) + if( ctx == NULL || ctx->MBEDTLS_PRIVATE(cipher_info) == NULL || input == NULL || + ctx->MBEDTLS_PRIVATE(cmac_ctx) == NULL ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } - cmac_ctx = ctx->cmac_ctx; - block_size = ctx->cipher_info->block_size; + cmac_ctx = ctx->MBEDTLS_PRIVATE(cmac_ctx); + block_size = ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size); /* Is there data still to process from the last call, that's greater in * size than a block? */ @@ -287,13 +287,13 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, unsigned char *ou CCBuffInfo_t inBuffInfo; CCBuffInfo_t outBuffInfo; - if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL || + if( ctx == NULL || ctx->MBEDTLS_PRIVATE(cipher_info) == NULL || ctx->MBEDTLS_PRIVATE(cmac_ctx) == NULL || output == NULL ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } - cmac_ctx = ctx->cmac_ctx; + cmac_ctx = ctx->MBEDTLS_PRIVATE(cmac_ctx); ret = SetDataBuffersInfo((const uint8_t*)&((mbedtls_cmac_private_context_t*)cmac_ctx)->cmac_ctrl_ctx.unprocessed_block, ((mbedtls_cmac_private_context_t*)cmac_ctx)->cmac_ctrl_ctx.unprocessed_len, @@ -320,7 +320,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, unsigned char *ou CC_PalMemCopy(output, ((mbedtls_cmac_private_context_t*)cmac_ctx)->aes_ctx.ivBuf, AES_IV_SIZE); - mbedtls_zeroize_internal( ctx->cmac_ctx, sizeof( mbedtls_cmac_private_context_t ) ); + mbedtls_zeroize_internal( ctx->MBEDTLS_PRIVATE(cmac_ctx), sizeof( mbedtls_cmac_private_context_t ) ); return (0); } @@ -329,12 +329,12 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) { mbedtls_cmac_context_t* cmac_ctx = NULL; - if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ) + if( ctx == NULL || ctx->MBEDTLS_PRIVATE(cipher_info) == NULL || ctx->MBEDTLS_PRIVATE(cmac_ctx) == NULL ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } - cmac_ctx = ctx->cmac_ctx; + cmac_ctx = ctx->MBEDTLS_PRIVATE(cmac_ctx); /* Reset the internal state */ ((mbedtls_cmac_private_context_t*)cmac_ctx)->cmac_ctrl_ctx.unprocessed_len = 0; @@ -362,7 +362,7 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } - if( cipher_info->base == NULL ) + if( cipher_info->MBEDTLS_PRIVATE(base) == NULL ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdh_alt.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdh_alt.c index e12ee1b4a0..087f704c0a 100644 --- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdh_alt.c +++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdh_alt.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -16,7 +16,6 @@ #include "cc_ecc_internal.h" - const mbedtls_ecp_curve_info curve_25519_data = { MBEDTLS_ECP_DP_CURVE25519, 29, 255, "curve25519"}; #if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) @@ -74,7 +73,7 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( z, &P.X ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( z, &P.MBEDTLS_PRIVATE(X) ) ); cleanup: mbedtls_ecp_point_free( &P ); @@ -109,8 +108,8 @@ static int mbedtls_ecp_tls_write_group_edwards( const mbedtls_ecp_group *grp, si /* * Next two bytes are the namedcurve value */ - buf[0] = curve_info->tls_id >> 8; - buf[1] = curve_info->tls_id & 0xFF; + buf[0] = curve_info->MBEDTLS_PRIVATE(tls_id) >> 8; + buf[1] = curve_info->MBEDTLS_PRIVATE(tls_id) & 0xFF; return( 0 ); } @@ -130,24 +129,24 @@ int mbedtls_ecdh_make_params_edwards( mbedtls_ecdh_context *ctx, size_t *olen, int ret; size_t grp_len, pt_len; - if( ctx == NULL || ctx->grp.pbits == 0 || + if( ctx == NULL || ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(grp).pbits == 0 || olen == NULL || buf == NULL || - blen <= 0 || (ctx->grp.id != MBEDTLS_ECP_DP_CURVE25519) ){ + blen <= 0 || (ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(grp).id != MBEDTLS_ECP_DP_CURVE25519) ){ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); } - if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ) + if( ( ret = mbedtls_ecdh_gen_public( &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(grp), &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(d), &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(Q), f_rng, p_rng ) ) != 0 ) return( ret ); - if( ( ret = mbedtls_ecp_tls_write_group_edwards( &ctx->grp, &grp_len, buf, blen ) ) + if( ( ret = mbedtls_ecp_tls_write_group_edwards( &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(grp), &grp_len, buf, blen ) ) != 0 ) return( ret ); buf += grp_len; blen -= grp_len; - if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, ctx->point_format, + if( ( ret = mbedtls_ecp_tls_write_point( &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(grp), &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(Q), ctx->MBEDTLS_PRIVATE(point_format), &pt_len, buf, blen ) ) != 0 ) return( ret ); @@ -182,10 +181,10 @@ static int mbedtls_ecp_tls_read_group_edwards( mbedtls_ecp_group *grp, const uns tls_id <<= 8; tls_id |= *(*buf)++; - if (curve_info->tls_id != tls_id){ + if (curve_info->MBEDTLS_PRIVATE(tls_id) != tls_id){ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); } - return mbedtls_ecp_group_load( grp, curve_info->grp_id ); + return mbedtls_ecp_group_load( grp, curve_info->MBEDTLS_PRIVATE(grp_id) ); } /* @@ -203,10 +202,10 @@ int mbedtls_ecdh_read_params_edwards( mbedtls_ecdh_context *ctx, if( ctx == NULL || buf == NULL || end == NULL){ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); } - if( ( ret = mbedtls_ecp_tls_read_group_edwards( &ctx->grp, buf, end - *buf ) ) != 0 ) + if( ( ret = mbedtls_ecp_tls_read_group_edwards( &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(grp), buf, end - *buf ) ) != 0 ) return( ret ); - if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, end - *buf ) ) + if( ( ret = mbedtls_ecp_tls_read_point( &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(grp), &ctx->MBEDTLS_PRIVATE(ctx).MBEDTLS_PRIVATE(mbed_ecdh).MBEDTLS_PRIVATE(Qp), buf, end - *buf ) ) != 0 ){ return( ret ); } diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdsa_alt.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdsa_alt.c index da0c770cce..f500f765de 100644 --- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdsa_alt.c +++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdsa_alt.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -378,8 +378,8 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - return( mbedtls_ecp_group_load( &ctx->grp, gid ) || - cc_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ); + return( mbedtls_ecp_group_load( &ctx->MBEDTLS_PRIVATE(grp), gid ) || + cc_ecp_gen_keypair( &ctx->MBEDTLS_PRIVATE(grp), &ctx->MBEDTLS_PRIVATE(d), &ctx->MBEDTLS_PRIVATE(Q), f_rng, p_rng ) ); } #endif /* MBEDTLS_ECDSA_GENKEY_ALT */ diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdsa_edwards.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdsa_edwards.c index 039b37e49e..12a547c246 100644 --- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdsa_edwards.c +++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecdsa_edwards.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -95,9 +95,9 @@ int mbedtls_ecdsa_genkey_edwards( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - grp = &ctx->grp; - d = &ctx->d; - Q = &ctx->Q; + grp = &ctx->MBEDTLS_PRIVATE(grp); + d = &ctx->MBEDTLS_PRIVATE(d); + Q = &ctx->MBEDTLS_PRIVATE(Q); pDomain = EcEdwGetDomain25519(); if (NULL == pDomain) @@ -139,13 +139,13 @@ int mbedtls_ecdsa_genkey_edwards( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_ ret = error_mapping_cc_to_mbedtls_ecc(rc); goto END; } - ret = mbedtls_mpi_read_binary(&Q->Y, pPublicKey, CALC_FULL_BYTES(pDomain->ecModSizeInBits)); + ret = mbedtls_mpi_read_binary(&Q->MBEDTLS_PRIVATE(Y), pPublicKey, CALC_FULL_BYTES(pDomain->ecModSizeInBits)); if (ret != 0) { CC_PAL_LOG_ERR("Error - failed to allocate memory for Q->Y\n"); goto END; } - Q->Y.s = 1; /*unsigned*/ + Q->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(s) = 1; /*unsigned*/ ret = mbedtls_mpi_read_binary(d, pPrivKey, CALC_FULL_BYTES(2*pDomain->ecModSizeInBits)); if (ret != 0) @@ -153,7 +153,7 @@ int mbedtls_ecdsa_genkey_edwards( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_ CC_PAL_LOG_ERR("Error - failed to allocate memory for Q->Y\n"); goto END; } - d->s = 1; /*unsigned*/ + d->MBEDTLS_PRIVATE(s) = 1; /*unsigned*/ /* Set the group curve order used by sign & verify functions */ @@ -299,7 +299,7 @@ int mbedtls_ecdsa_verify_edwards(mbedtls_ecp_group *grp, const unsigned char *bu /* Only the Y coordinate is required */ pub_key_size = order_size; - ret = ecdsa_export_mpi_to_buff( &Q->Y, &pub_key_size, pub_key_buf, order_size ); + ret = ecdsa_export_mpi_to_buff( &Q->MBEDTLS_PRIVATE(Y), &pub_key_size, pub_key_buf, order_size ); if ((ret != 0) || (pub_key_size != order_size)) { @@ -375,13 +375,13 @@ int mbedtls_ecdsa_public_key_read_edwards( mbedtls_ecp_point *Q, return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - ret = mbedtls_mpi_read_binary(&Q->Y, buf, blen); + ret = mbedtls_mpi_read_binary(&Q->MBEDTLS_PRIVATE(Y), buf, blen); if (ret != 0) { CC_PAL_LOG_ERR("Error - failed to allocate memory for Q->Y\n"); return ret; } - Q->Y.s = 1; /*unsigned*/ + Q->MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(s) = 1; /*unsigned*/ return CC_OK; @@ -411,7 +411,7 @@ int mbedtls_ecdsa_public_key_write_edwards( const mbedtls_ecp_point *Q, { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - ret = ecdsa_export_mpi_to_buff(&Q->Y, olen, buf, keySize); + ret = ecdsa_export_mpi_to_buff(&Q->MBEDTLS_PRIVATE(Y), olen, buf, keySize); if (ret != 0) { CC_PAL_LOG_ERR("Error - failed to allocate memory for Q->Y\n"); diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecp_common.h b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecp_common.h index a232d537c7..a87b530ea6 100644 --- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecp_common.h +++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/ecp_common.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -38,10 +38,10 @@ int error_mapping_cc_to_mbedtls_ecc (CCError_t cc_error); */ static inline ecp_curve_type ecp_get_type(const mbedtls_ecp_group *grp) { - if (grp->G.X.p == NULL) + if (grp->G.MBEDTLS_PRIVATE(X).MBEDTLS_PRIVATE(p) == NULL) return (ECP_TYPE_NONE); - if (grp->G.Y.p == NULL) + if (grp->G.MBEDTLS_PRIVATE(Y).MBEDTLS_PRIVATE(p) == NULL) return (ECP_TYPE_25519); else return (ECP_TYPE_SHORT_WEIERSTRASS); diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/gcm_alt.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/gcm_alt.c index 59e340e207..679787caf8 100644 --- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/gcm_alt.c +++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/gcm_alt.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -580,42 +580,59 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, int mbedtls_gcm_starts(mbedtls_gcm_context *ctx, int mode, const unsigned char *iv, - size_t iv_len, - const unsigned char *aad, - size_t aad_len) + size_t iv_len) { CC_UNUSED_PARAM(ctx); CC_UNUSED_PARAM(mode); CC_UNUSED_PARAM(iv); CC_UNUSED_PARAM(iv_len); - CC_UNUSED_PARAM(aad); - CC_UNUSED_PARAM(aad_len); return (MBEDTLS_ERR_GCM_API_IS_NOT_SUPPORTED); } int mbedtls_gcm_update(mbedtls_gcm_context *ctx, - size_t length, - const unsigned char *input, - unsigned char *output) + const unsigned char *input, + size_t input_length, + unsigned char *output, + size_t output_size, + size_t *output_length) { CC_UNUSED_PARAM(ctx); - CC_UNUSED_PARAM(length); CC_UNUSED_PARAM(input); + CC_UNUSED_PARAM(input_length); CC_UNUSED_PARAM(output); + CC_UNUSED_PARAM(output_size); + CC_UNUSED_PARAM(output_length); return (MBEDTLS_ERR_GCM_API_IS_NOT_SUPPORTED); } int mbedtls_gcm_finish(mbedtls_gcm_context *ctx, - unsigned char *tag, - size_t tag_len) + unsigned char *output, + size_t output_size, + size_t *output_length, + unsigned char *tag, + size_t tag_len) { CC_UNUSED_PARAM(ctx); + CC_UNUSED_PARAM(output); + CC_UNUSED_PARAM(output_size); + CC_UNUSED_PARAM(output_length); CC_UNUSED_PARAM(tag); CC_UNUSED_PARAM(tag_len); return (MBEDTLS_ERR_GCM_API_IS_NOT_SUPPORTED); } + +int mbedtls_gcm_update_ad(mbedtls_gcm_context *ctx, + const unsigned char *add, + size_t add_len) +{ + CC_UNUSED_PARAM(ctx); + CC_UNUSED_PARAM(add); + CC_UNUSED_PARAM(add_len); + + return (MBEDTLS_ERR_GCM_API_IS_NOT_SUPPORTED); +} /**************************************************************************************************/ #endif diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/rsa_alt.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/rsa_alt.c index b48c57a576..507e3e66dc 100644 --- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/rsa_alt.c +++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/rsa_alt.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2020, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -14,7 +14,6 @@ #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" -#include "mbedtls/rsa_internal.h" #include "mbedtls/oid.h" #include "mbedtls_common.h" #include "mbedtls/bignum.h" @@ -135,19 +134,19 @@ static int32_t mbedtls_rsa_uint32_buf_to_mpi(mbedtls_mpi *X, const uint32_t *buf { int32_t err = 0; - if(X == NULL || X->p != NULL || X->n != 0 || sizeInWords == 0) { + if(X == NULL || X->MBEDTLS_PRIVATE(p) != NULL || X->MBEDTLS_PRIVATE(n) != 0 || sizeInWords == 0) { err = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; goto End; } - if( ( X->p = (uint32_t*)mbedtls_calloc( sizeInWords, sizeof(uint32_t) ) ) == NULL ) { + if( ( X->MBEDTLS_PRIVATE(p) = (uint32_t*)mbedtls_calloc( sizeInWords, sizeof(uint32_t) ) ) == NULL ) { err = MBEDTLS_ERR_MPI_ALLOC_FAILED; goto End; } - CC_PalMemCopy(X->p, buf, sizeInWords*CC_32BIT_WORD_SIZE); - X->s = 1; - X->n = sizeInWords; + CC_PalMemCopy(X->MBEDTLS_PRIVATE(p), buf, sizeInWords*CC_32BIT_WORD_SIZE); + X->MBEDTLS_PRIVATE(s) = 1; + X->MBEDTLS_PRIVATE(n) = sizeInWords; End: return err; @@ -299,30 +298,23 @@ static int error_mapping_cc_to_mbedtls_rsa (CCError_t cc_error, CC_RSA_OP op) return ret; } -void mbedtls_rsa_init( mbedtls_rsa_context *ctx, - int padding, - int hash_id ) +void mbedtls_rsa_init( mbedtls_rsa_context *ctx) { /* check input parameters and functions */ if (ctx == NULL){ CC_PalAbort("Ctx is NULL\n"); } - if ((hash_id != MBEDTLS_MD_NONE) && ((hash_id < MBEDTLS_MD_SHA1) || (hash_id > MBEDTLS_MD_SHA512))){ - CC_PalAbort("Not valid hash id\n"); - } CC_PalMemSetZero(ctx, sizeof( mbedtls_rsa_context)); - mbedtls_rsa_set_padding( ctx, padding, hash_id ); - #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_init( &ctx->MBEDTLS_PRIVATE(mutex) ); #endif } /* * Set padding for an existing RSA context */ -void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id ) +int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, mbedtls_md_type_t hash_id ) { /* check input parameters and functions */ if (ctx == NULL){ @@ -331,8 +323,10 @@ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id if ((hash_id != MBEDTLS_MD_NONE) && ((hash_id < MBEDTLS_MD_SHA1) || (hash_id > MBEDTLS_MD_SHA512))){ CC_PalAbort("Not valid hash id\n"); } - ctx->padding = padding; - ctx->hash_id = hash_id; + ctx->MBEDTLS_PRIVATE(padding) = padding; + ctx->MBEDTLS_PRIVATE(hash_id) = hash_id; + + return (0); } #if defined(MBEDTLS_GENPRIME) @@ -470,17 +464,17 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *pCtx, /*!< pointer to context s /* allocate mbedtls context internal buffers and copy data to them */ - pCtx->len = keySizeBytes; /* full size of modulus in bytes, including leading zeros*/ - MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->N, pCcPubKey->n, keySizeWords ) ); - MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->E, pCcPubKey->e, PUB_EXP_SIZE_IN_WORDS ) ); - MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->D, pCcPrivKey->PriveKeyDb.NonCrt.d, keySizeWords ) ); - MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->NP, ((RsaPubKeyDb_t*)(pCcPubKey->ccRSAIntBuff))->NP, + pCtx->MBEDTLS_PRIVATE(len) = keySizeBytes; /* full size of modulus in bytes, including leading zeros*/ + MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(N), pCcPubKey->n, keySizeWords ) ); + MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(E), pCcPubKey->e, PUB_EXP_SIZE_IN_WORDS ) ); + MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(D), pCcPrivKey->PriveKeyDb.NonCrt.d, keySizeWords ) ); + MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(NP), ((RsaPubKeyDb_t*)(pCcPubKey->ccRSAIntBuff))->NP, CC_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS ) ); /* P,Q saved in the context as it is done in mbedtls independent on * CRT compilation flag */ - MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->P, pKeyGenData->KGData.p, keySizeWords/2 ) ); - MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->Q, pKeyGenData->KGData.q, keySizeWords/2 ) ); + MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(P), pKeyGenData->KGData.p, keySizeWords/2 ) ); + MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(Q), pKeyGenData->KGData.q, keySizeWords/2 ) ); /* calculate Barrett tags for P,Q and set into context */ err = PkiCalcNp(((RsaPrivKeyDb_t *)(pCcPrivKey->ccRSAPrivKeyIntBuff))->Crt.PP,/*out*/ @@ -493,8 +487,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *pCtx, /*!< pointer to context s if (err != CC_OK) { goto End; } - MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->BPP, ((RsaPrivKeyDb_t*)(pCcPrivKey->ccRSAPrivKeyIntBuff))->Crt.PP, CC_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS ) ); - MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->BQP, ((RsaPrivKeyDb_t*)(pCcPrivKey->ccRSAPrivKeyIntBuff))->Crt.QP, CC_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS ) ); + MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(BPP), ((RsaPrivKeyDb_t*)(pCcPrivKey->ccRSAPrivKeyIntBuff))->Crt.PP, CC_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS ) ); + MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(BQP), ((RsaPrivKeyDb_t*)(pCcPrivKey->ccRSAPrivKeyIntBuff))->Crt.QP, CC_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS ) ); /* calculate CRT parameters */ #if !defined(MBEDTLS_RSA_NO_CRT) @@ -512,9 +506,9 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *pCtx, /*!< pointer to context s } /* allocate mbedtls context internal buffers and copy data to them */ - MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->DP, pCcPrivKey->PriveKeyDb.Crt.dP, keySizeWords/2 ) ); - MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->DQ, pCcPrivKey->PriveKeyDb.Crt.dQ, keySizeWords/2 ) ); - MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->QP, pCcPrivKey->PriveKeyDb.Crt.qInv, keySizeWords/2 ) ); + MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(DP), pCcPrivKey->PriveKeyDb.Crt.dP, keySizeWords/2 ) ); + MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(DQ), pCcPrivKey->PriveKeyDb.Crt.dQ, keySizeWords/2 ) ); + MBEDTLS_RSA_CHK( mbedtls_rsa_uint32_buf_to_mpi( &pCtx->MBEDTLS_PRIVATE(QP), pCcPrivKey->PriveKeyDb.Crt.qInv, keySizeWords/2 ) ); #endif /* MBEDTLS_RSA_NO_CRT */ #ifdef FIPS_CERTIFICATION @@ -554,8 +548,8 @@ static int rsa_check_context_alt( mbedtls_rsa_context const *ctx, int is_priv, * P,Q need to be present or not. In this function this variable is not used */ ((void) blinding_needed); - if( ctx->len != mbedtls_mpi_size( &ctx->N ) || - ctx->len > MBEDTLS_MPI_MAX_SIZE ) + if( ctx->MBEDTLS_PRIVATE(len) != mbedtls_mpi_size( &ctx->MBEDTLS_PRIVATE(N) ) || + ctx->MBEDTLS_PRIVATE(len) > MBEDTLS_MPI_MAX_SIZE ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } @@ -566,8 +560,8 @@ static int rsa_check_context_alt( mbedtls_rsa_context const *ctx, int is_priv, /* Modular exponentiation wrt. N is always used for * RSA public key operations. */ - if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) <= 0 || - mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0 ) + if( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(N), 0 ) <= 0 || + mbedtls_mpi_get_bit( &ctx->MBEDTLS_PRIVATE(N), 0 ) == 0 ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } @@ -577,10 +571,10 @@ static int rsa_check_context_alt( mbedtls_rsa_context const *ctx, int is_priv, * used for private key operations and if CRT * is used. */ if( is_priv && - ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 || - mbedtls_mpi_get_bit( &ctx->P, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 || - mbedtls_mpi_get_bit( &ctx->Q, 0 ) == 0 ) ) + ( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(P), 0 ) <= 0 || + mbedtls_mpi_get_bit( &ctx->MBEDTLS_PRIVATE(P), 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(Q), 0 ) <= 0 || + mbedtls_mpi_get_bit( &ctx->MBEDTLS_PRIVATE(Q), 0 ) == 0 ) ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } @@ -591,18 +585,18 @@ static int rsa_check_context_alt( mbedtls_rsa_context const *ctx, int is_priv, */ /* Always need E for public key operations */ - if( mbedtls_mpi_cmp_int( &ctx->E, 0 ) <= 0 ) + if( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(E), 0 ) <= 0 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); #if defined(MBEDTLS_RSA_NO_CRT) /* For private key operations, use D or DP & DQ * as (unblinded) exponents. */ - if( is_priv && mbedtls_mpi_cmp_int( &ctx->D, 0 ) <= 0 ) + if( is_priv && mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(D), 0 ) <= 0 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); #else if( is_priv && - ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) <= 0 || - mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) <= 0 ) ) + ( mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(DP), 0 ) <= 0 || + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(DQ), 0 ) <= 0 ) ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } @@ -612,7 +606,7 @@ static int rsa_check_context_alt( mbedtls_rsa_context const *ctx, int is_priv, * but check for QP >= 1 nonetheless. */ #if !defined(MBEDTLS_RSA_NO_CRT) if( is_priv && - mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 ) + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(QP), 0 ) <= 0 ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } @@ -694,7 +688,7 @@ int mbedtls_rsa_validate_params_alt( const mbedtls_mpi *N, const mbedtls_mpi *P, } if( P != NULL ) { - ret = RsaPrimeTestCall( &ccRndCtx, &P->p[0], mbedtls_mpi_size_in_words(P), + ret = RsaPrimeTestCall( &ccRndCtx, &P->MBEDTLS_PRIVATE(p)[0], mbedtls_mpi_size_in_words(P), rabinTestsCount, &isPrime, pTempBuff/*3*modSizeWords*/, CC_RSA_PRIME_TEST_MODE ); @@ -704,7 +698,7 @@ int mbedtls_rsa_validate_params_alt( const mbedtls_mpi *N, const mbedtls_mpi *P, } } if( Q != NULL ) { - ret = RsaPrimeTestCall( &ccRndCtx, &Q->p[0], mbedtls_mpi_size_in_words(Q), + ret = RsaPrimeTestCall( &ccRndCtx, &Q->MBEDTLS_PRIVATE(p)[0], mbedtls_mpi_size_in_words(Q), rabinTestsCount, &isPrime, pTempBuff/*3*modSizeWords*/, CC_RSA_PRIME_TEST_MODE ); @@ -900,21 +894,21 @@ cleanup: */ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) { - if( ctx == NULL || !ctx->N.p || ( ctx->N.s != 1 ) || !ctx->E.p || ( ctx->E.s != 1 ) ) + if( ctx == NULL || !ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(p) || ( ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(s) != 1 ) || !ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(p) || ( ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(s) != 1 ) ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); /* check oddness */ - if( ( ctx->N.p[0] & 1 ) == 0 || - ( ctx->E.p[0] & 1 ) == 0 ) + if( ( ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(p)[0] & 1 ) == 0 || + ( ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(p)[0] & 1 ) == 0 ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED); - if( mbedtls_mpi_bitlen( &ctx->N ) < MBEDTLS_RSA_MIN_VALID_KEY_SIZE_VALUE_IN_BITS || - mbedtls_mpi_bitlen( &ctx->N ) > MBEDTLS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS ) + if( mbedtls_mpi_bitlen( &ctx->MBEDTLS_PRIVATE(N) ) < MBEDTLS_RSA_MIN_VALID_KEY_SIZE_VALUE_IN_BITS || + mbedtls_mpi_bitlen( &ctx->MBEDTLS_PRIVATE(N) ) > MBEDTLS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); - if( mbedtls_mpi_bitlen( &ctx->E ) < 2 || - mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 ) + if( mbedtls_mpi_bitlen( &ctx->MBEDTLS_PRIVATE(E) ) < 2 || + mbedtls_mpi_cmp_mpi( &ctx->MBEDTLS_PRIVATE(E), &ctx->MBEDTLS_PRIVATE(N) ) >= 0 ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); return( 0 ); @@ -939,15 +933,15 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); } - if( mbedtls_rsa_validate_params_alt( &ctx->N, &ctx->P, &ctx->Q, - &ctx->D, &ctx->E, NULL, NULL ) != 0 ) + if( mbedtls_rsa_validate_params_alt( &ctx->MBEDTLS_PRIVATE(N), &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q), + &ctx->MBEDTLS_PRIVATE(D), &ctx->MBEDTLS_PRIVATE(E), NULL, NULL ) != 0 ) { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); } #if !defined(MBEDTLS_RSA_NO_CRT) - if( mbedtls_rsa_validate_crt_alt( &ctx->P, &ctx->Q, &ctx->D, - &ctx->DP, &ctx->DQ, &ctx->QP ) != 0 ) + if( mbedtls_rsa_validate_crt_alt( &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q), &ctx->MBEDTLS_PRIVATE(D), + &ctx->MBEDTLS_PRIVATE(DP), &ctx->MBEDTLS_PRIVATE(DQ), &ctx->MBEDTLS_PRIVATE(QP) ) != 0 ) { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); } @@ -967,8 +961,8 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rs return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); } - if( mbedtls_mpi_cmp_mpi( &pub->N, &prv->N ) != 0 || - mbedtls_mpi_cmp_mpi( &pub->E, &prv->E ) != 0 ) + if( mbedtls_mpi_cmp_mpi( &pub->MBEDTLS_PRIVATE(N), &prv->MBEDTLS_PRIVATE(N) ) != 0 || + mbedtls_mpi_cmp_mpi( &pub->MBEDTLS_PRIVATE(E), &prv->MBEDTLS_PRIVATE(E) ) != 0 ) { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); } @@ -1027,35 +1021,35 @@ static CCError_t validate_mbedtls_rsa_context_private_key(mbedtls_rsa_context * GOTO_END( CC_RSA_INVALID_PRIV_KEY_STRUCT_POINTER_ERROR ); } - if (ctx->N.p == NULL) + if (ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(p) == NULL) { GOTO_END( CC_RSA_INVALID_MODULUS_POINTER_ERROR ); } - if (ctx->len == 0) + if (ctx->MBEDTLS_PRIVATE(len) == 0) { GOTO_END( CC_RSA_INVALID_MODULUS_SIZE ); } #if defined(MBEDTLS_RSA_NO_CRT) - if (ctx->D.p == NULL) + if (ctx->MBEDTLS_PRIVATE(D).MBEDTLS_PRIVATE(p) == NULL) { GOTO_END( CC_RSA_INVALID_EXPONENT_POINTER_ERROR ); } #else - if (ctx->P.p == NULL) + if (ctx->MBEDTLS_PRIVATE(P).MBEDTLS_PRIVATE(p) == NULL) GOTO_END( CC_RSA_INVALID_CRT_FIRST_FACTOR_POINTER_ERROR ); - if (ctx->Q.p == NULL) + if (ctx->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(p) == NULL) GOTO_END( CC_RSA_INVALID_CRT_SECOND_FACTOR_POINTER_ERROR ); - if (ctx->DP.p == NULL) + if (ctx->MBEDTLS_PRIVATE(DP).MBEDTLS_PRIVATE(p) == NULL) GOTO_END( CC_RSA_INVALID_CRT_FIRST_FACTOR_EXP_PTR_ERROR ); - if (ctx->DQ.p == NULL) + if (ctx->MBEDTLS_PRIVATE(DQ).MBEDTLS_PRIVATE(p) == NULL) GOTO_END( CC_RSA_INVALID_CRT_SECOND_FACTOR_EXP_PTR_ERROR ); - if (ctx->QP.p == NULL) + if (ctx->MBEDTLS_PRIVATE(QP).MBEDTLS_PRIVATE(p) == NULL) GOTO_END( CC_RSA_INVALID_CRT_COEFFICIENT_PTR_ERROR ); #endif @@ -1074,14 +1068,14 @@ static CCError_t validate_mbedtls_rsa_context_public_key(mbedtls_rsa_context * c } /* ...... checking the validity of the exponent pointer ............... */ - if (ctx->E.p == NULL) + if (ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(p) == NULL) GOTO_END( CC_RSA_INVALID_EXPONENT_POINTER_ERROR ); /* ...... checking the validity of the modulus pointer .............. */ - if (ctx->N.p == NULL) + if (ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(p) == NULL) GOTO_END( CC_RSA_INVALID_MODULUS_POINTER_ERROR ); - if (ctx->len == 0) + if (ctx->MBEDTLS_PRIVATE(len) == 0) { GOTO_END( CC_RSA_INVALID_MODULUS_SIZE ); } @@ -1124,9 +1118,9 @@ static CCError_t build_cc_priv_non_crt_key( /* ................. checking the validity of the pointer arguments ....... */ /* ------------------------------------------------------------------------ */ CHECK_AND_RETURN_ERR_UPON_FIPS_ERROR(); - ModulusSize = mbedtls_mpi_size(&ctx->N); - PubExponentSize = mbedtls_mpi_size(&ctx->E); - PrivExponentSize = mbedtls_mpi_size(&ctx->D); + ModulusSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(N)); + PubExponentSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(E)); + PrivExponentSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(D)); /* ...... checking the validity of the modulus size, private exponent can not be more than 256 bytes .............. */ if (ModulusSize > CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BYTES) @@ -1148,8 +1142,8 @@ static CCError_t build_cc_priv_non_crt_key( /* clear the private key db */ CC_PalMemSetZero(PrivKey_ptr, sizeof(CCRsaPrivKey_t)); - CC_PalMemCopy(PrivKey_ptr->n, ctx->N.p, ModulusSize); - CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.NonCrt.d, ctx->D.p, PrivExponentSize); + CC_PalMemCopy(PrivKey_ptr->n, ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(p), ModulusSize); + CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.NonCrt.d, ctx->MBEDTLS_PRIVATE(D).MBEDTLS_PRIVATE(p), PrivExponentSize); /* .................. initializing local variables ................... */ /* ------------------------------------------------------------------- */ @@ -1193,8 +1187,8 @@ static CCError_t build_cc_priv_non_crt_key( } /* checking that the public exponent is an integer between 3 and modulus - 1 */ - if ( ctx->E.p != NULL ) { - CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.NonCrt.e, ctx->E.p, PubExponentSize); + if ( ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(p) != NULL ) { + CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.NonCrt.e, ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(p), PubExponentSize); PubExponentEffectiveSizeInBits = CC_CommonGetWordsCounterEffectiveSizeInBits(PrivKey_ptr->PriveKeyDb.NonCrt.e, (PubExponentSize+3)/4); @@ -1296,12 +1290,12 @@ static CCError_t build_cc_priv_crt_key( /* ................. checking the validity of the pointer arguments ....... */ /* ------------------------------------------------------------------------ */ CHECK_AND_RETURN_ERR_UPON_FIPS_ERROR(); - PSize = mbedtls_mpi_size(&ctx->P); - QSize = mbedtls_mpi_size(&ctx->Q); - dPSize = mbedtls_mpi_size(&ctx->DP); - dQSize = mbedtls_mpi_size(&ctx->DQ); - qInvSize = mbedtls_mpi_size(&ctx->QP); - ModulusSize = mbedtls_mpi_size(&ctx->N); + PSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(P)); + QSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(Q)); + dPSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(DP)); + dQSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(DQ)); + qInvSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(QP)); + ModulusSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(N)); /* checking the input sizes */ @@ -1318,7 +1312,7 @@ static CCError_t build_cc_priv_crt_key( /* verifying the first factor exponent is less then the first factor */ CounterCmpResult = - CC_CommonCmpLsWordsUnsignedCounters(ctx->DP.p, mbedtls_mpi_size_in_words(&ctx->DP), ctx->P.p, mbedtls_mpi_size_in_words(&ctx->P)); + CC_CommonCmpLsWordsUnsignedCounters(ctx->MBEDTLS_PRIVATE(DP).MBEDTLS_PRIVATE(p), mbedtls_mpi_size_in_words(&ctx->MBEDTLS_PRIVATE(DP)), ctx->MBEDTLS_PRIVATE(P).MBEDTLS_PRIVATE(p), mbedtls_mpi_size_in_words(&ctx->MBEDTLS_PRIVATE(P))); if (CounterCmpResult != CC_COMMON_CmpCounter2GreaterThenCounter1) { GOTO_END(CC_RSA_INVALID_CRT_FIRST_FACTOR_EXPONENT_VAL); @@ -1326,7 +1320,7 @@ static CCError_t build_cc_priv_crt_key( /* verifying the second factor exponent is less then the second factor */ CounterCmpResult = - CC_CommonCmpLsWordsUnsignedCounters(ctx->DQ.p, mbedtls_mpi_size_in_words(&ctx->DQ), ctx->Q.p, mbedtls_mpi_size_in_words(&ctx->Q)); + CC_CommonCmpLsWordsUnsignedCounters(ctx->MBEDTLS_PRIVATE(DQ).MBEDTLS_PRIVATE(p), mbedtls_mpi_size_in_words(&ctx->MBEDTLS_PRIVATE(DQ)), ctx->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(p), mbedtls_mpi_size_in_words(&ctx->MBEDTLS_PRIVATE(Q))); if (CounterCmpResult != CC_COMMON_CmpCounter2GreaterThenCounter1) { GOTO_END(CC_RSA_INVALID_CRT_SECOND_FACTOR_EXPONENT_VAL); @@ -1334,7 +1328,7 @@ static CCError_t build_cc_priv_crt_key( /* verifying the CRT coefficient is less then the first factor */ CounterCmpResult = - CC_CommonCmpLsWordsUnsignedCounters(ctx->QP.p, mbedtls_mpi_size_in_words(&ctx->QP), ctx->P.p, mbedtls_mpi_size_in_words(&ctx->P)); + CC_CommonCmpLsWordsUnsignedCounters(ctx->MBEDTLS_PRIVATE(QP).MBEDTLS_PRIVATE(p), mbedtls_mpi_size_in_words(&ctx->MBEDTLS_PRIVATE(QP)), ctx->MBEDTLS_PRIVATE(P).MBEDTLS_PRIVATE(p), mbedtls_mpi_size_in_words(&ctx->MBEDTLS_PRIVATE(P))); if (CounterCmpResult != CC_COMMON_CmpCounter2GreaterThenCounter1) { GOTO_END(CC_RSA_INVALID_CRT_COEFF_VAL); @@ -1350,11 +1344,11 @@ static CCError_t build_cc_priv_crt_key( /* clear the private key db */ CC_PalMemSetZero(PrivKey_ptr, sizeof(CCRsaPrivKey_t)); - CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.P, ctx->P.p, PSize); - CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.Q, ctx->Q.p, QSize); - CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.dP, ctx->DP.p, dPSize); - CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.dQ, ctx->DQ.p, dQSize); - CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.qInv, ctx->QP.p, qInvSize); + CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.P, ctx->MBEDTLS_PRIVATE(P).MBEDTLS_PRIVATE(p), PSize); + CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.Q, ctx->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(p), QSize); + CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.dP, ctx->MBEDTLS_PRIVATE(DP).MBEDTLS_PRIVATE(p), dPSize); + CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.dQ, ctx->MBEDTLS_PRIVATE(DQ).MBEDTLS_PRIVATE(p), dQSize); + CC_PalMemCopy(PrivKey_ptr->PriveKeyDb.Crt.qInv, ctx->MBEDTLS_PRIVATE(QP).MBEDTLS_PRIVATE(p), qInvSize); /* .................. initializing local variables ................... */ /* ------------------------------------------------------------------- */ @@ -1407,7 +1401,7 @@ static CCError_t build_cc_priv_crt_key( GOTO_CLEANUP(CC_RSA_INTERNAL_ERROR); } #else - CC_PalMemCopy(PrivKey_ptr->n, ctx->N.p, ModulusSize); + CC_PalMemCopy(PrivKey_ptr->n, ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(p), ModulusSize); #endif ModulusEffectiveSizeInBits = @@ -1507,15 +1501,15 @@ static CCError_t build_cc_pubkey( /* ------------------------------------------------------------------------ */ CHECK_AND_RETURN_ERR_UPON_FIPS_ERROR(); - ModulusSize = mbedtls_mpi_size(&ctx->N); - ExponentSize = mbedtls_mpi_size(&ctx->E); + ModulusSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(N)); + ExponentSize = mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(E)); if ((ExponentSize > CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BYTES) || - (ctx->E.n == 0)) + (ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(n) == 0)) return CC_RSA_INVALID_EXPONENT_SIZE; if ((ModulusSize > CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BYTES) || - (ctx->N.n == 0)) + (ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(n) == 0)) { return CC_RSA_INVALID_MODULUS_SIZE; } @@ -1527,8 +1521,8 @@ static CCError_t build_cc_pubkey( /* clear the public key db */ CC_PalMemSetZero( PubKey_ptr, sizeof(CCRsaPubKey_t) ); - CC_PalMemCopy(PubKey_ptr->n, ctx->N.p, mbedtls_mpi_size(&ctx->N)); - CC_PalMemCopy(PubKey_ptr->e, ctx->E.p, mbedtls_mpi_size(&ctx->E)); + CC_PalMemCopy(PubKey_ptr->n, ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(p), mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(N))); + CC_PalMemCopy(PubKey_ptr->e, ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(p), mbedtls_mpi_size(&ctx->MBEDTLS_PRIVATE(E))); /* .................. initializing local variables ................... */ /* ------------------------------------------------------------------- */ @@ -1626,16 +1620,16 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, } #if defined(MBEDTLS_THREADING_C) - if ( (ret = mbedtls_mutex_lock(&ctx->mutex) ) != 0) + if ( (ret = mbedtls_mutex_lock(&ctx->MBEDTLS_PRIVATE(mutex)) ) != 0) return( ret ); #endif /* ...... checking the validity of the exponent pointer ............... */ - if (ctx->E.p == NULL) + if (ctx->MBEDTLS_PRIVATE(E).MBEDTLS_PRIVATE(p) == NULL) return CC_RSA_INVALID_EXPONENT_POINTER_ERROR; /* ...... checking the validity of the modulus pointer .............. */ - if (ctx->N.p == NULL) + if (ctx->MBEDTLS_PRIVATE(N).MBEDTLS_PRIVATE(p) == NULL) return CC_RSA_INVALID_MODULUS_POINTER_ERROR; UserPubKey_ptr = (CCRsaUserPubKey_t *)mbedtls_calloc(1, sizeof(CCRsaUserPubKey_t)); @@ -1655,7 +1649,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, goto End; } - Error = CC_RsaPrimEncrypt(UserPubKey_ptr, PrimeData_ptr, (unsigned char *)input, ctx->len, output); + Error = CC_RsaPrimEncrypt(UserPubKey_ptr, PrimeData_ptr, (unsigned char *)input, ctx->MBEDTLS_PRIVATE(len), output); if ( Error != CC_OK ) { goto End; } @@ -1667,7 +1661,7 @@ End: mbedtls_free(UserPubKey_ptr); #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) + if( mbedtls_mutex_unlock( &ctx->MBEDTLS_PRIVATE(mutex) ) != 0 ) return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); #endif @@ -1712,7 +1706,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, } #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) + if( ( ret = mbedtls_mutex_lock( &ctx->MBEDTLS_PRIVATE(mutex) ) ) != 0 ) return( ret ); #endif @@ -1736,13 +1730,13 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, GOTO_CLEANUP(Error); } - Error = CC_RsaPrimDecrypt(UserPrivKey_ptr, PrimeData_ptr, (unsigned char *)input, ctx->len, output); + Error = CC_RsaPrimDecrypt(UserPrivKey_ptr, PrimeData_ptr, (unsigned char *)input, ctx->MBEDTLS_PRIVATE(len), output); if ( Error != CC_OK ) { GOTO_CLEANUP(Error); } Cleanup: if ( Error != CC_OK ) { - mbedtls_zeroize_internal(output, ctx->len); + mbedtls_zeroize_internal(output, ctx->MBEDTLS_PRIVATE(len)); } mbedtls_zeroize_internal(UserPrivKey_ptr, sizeof(CCRsaUserPrivKey_t)); mbedtls_zeroize_internal(PrimeData_ptr, sizeof(CCRsaPrimeData_t)); @@ -1750,7 +1744,7 @@ Cleanup: mbedtls_free(UserPrivKey_ptr); End: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) + if( mbedtls_mutex_unlock( &ctx->MBEDTLS_PRIVATE(mutex) ) != 0 ) return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); #endif @@ -1765,7 +1759,6 @@ End: int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, const unsigned char *label, size_t label_len, size_t ilen, const unsigned char *input, @@ -1788,11 +1781,6 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, GOTO_END( CC_RSA_INVALID_PTR_ERROR ); } - if( mode != MBEDTLS_RSA_PUBLIC ) - { - GOTO_END( CC_RSA_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR ); - } - if( input == NULL || output == NULL ) { GOTO_END( CC_RSA_INVALID_PTR_ERROR ); @@ -1814,13 +1802,13 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, GOTO_END( Error ); } - if (ctx->padding != MBEDTLS_RSA_PKCS_V21) + if (ctx->MBEDTLS_PRIVATE(padding) != MBEDTLS_RSA_PKCS_V21) { GOTO_END( CC_RSA_DATA_POINTER_INVALID_ERROR ); } - if ( (Error = convert_mbedtls_md_type_to_cc_rsa_hash_opmode((mbedtls_md_type_t)ctx->hash_id, + if ( (Error = convert_mbedtls_md_type_to_cc_rsa_hash_opmode((mbedtls_md_type_t)ctx->MBEDTLS_PRIVATE(hash_id), 0, // HashMode - before &hashOpMode, &hashOutputSizeBytes)) != CC_OK ) @@ -1828,13 +1816,13 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, GOTO_CLEANUP( Error ); } - md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id ); + md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->MBEDTLS_PRIVATE(hash_id) ); if( md_info == NULL ) { GOTO_END( CC_RSA_HASH_ILLEGAL_OPERATION_MODE_ERROR ); } - olen = ctx->len; + olen = ctx->MBEDTLS_PRIVATE(len); hlen = mbedtls_md_get_size( md_info ); /* first comparison checks for overflow */ @@ -1879,7 +1867,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, Cleanup: if ( Error != CC_OK ) { - mbedtls_zeroize_internal(output, ctx->len); + mbedtls_zeroize_internal(output, ctx->MBEDTLS_PRIVATE(len)); } mbedtls_zeroize_internal(UserPubKey_ptr, sizeof(CCRsaUserPubKey_t)); mbedtls_zeroize_internal(PrimeData_ptr, sizeof(CCRsaPrimeData_t)); @@ -1897,7 +1885,6 @@ End: int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t ilen, const unsigned char *input, unsigned char *output ) @@ -1914,11 +1901,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, GOTO_END( CC_RSA_INVALID_PTR_ERROR ); } - if( mode != MBEDTLS_RSA_PUBLIC ) - { - GOTO_END( CC_RSA_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR ); - } - if( input == NULL || output == NULL ) { GOTO_END( CC_RSA_INVALID_PTR_ERROR ); @@ -1938,13 +1920,13 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, GOTO_END( Error ); } - if ( ctx->padding != MBEDTLS_RSA_PKCS_V15 ) + if ( ctx->MBEDTLS_PRIVATE(padding) != MBEDTLS_RSA_PKCS_V15 ) { GOTO_END( CC_RSA_DATA_POINTER_INVALID_ERROR ); } /* first comparison checks for overflow */ - if( ilen + 11 < ilen || ctx->len < ilen + 11 ) + if( ilen + 11 < ilen || ctx->MBEDTLS_PRIVATE(len) < ilen + 11 ) { GOTO_END( CC_RSA_INVALID_MESSAGE_DATA_SIZE ); } @@ -1982,7 +1964,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, Cleanup: if ( Error != CC_OK ) { - mbedtls_zeroize_internal(output, ctx->len); + mbedtls_zeroize_internal(output, ctx->MBEDTLS_PRIVATE(len)); } mbedtls_zeroize_internal(UserPubKey_ptr, sizeof(CCRsaUserPubKey_t)); mbedtls_zeroize_internal(PrimeData_ptr, sizeof(CCRsaPrimeData_t)); @@ -2001,7 +1983,7 @@ End: int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t ilen, + size_t ilen, const unsigned char *input, unsigned char *output ) { @@ -2010,17 +1992,17 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } - switch( ctx->padding ) + switch( ctx->MBEDTLS_PRIVATE(padding) ) { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen, + return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, ilen, input, output ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0, + return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, NULL, 0, ilen, input, output ); #endif @@ -2036,7 +2018,6 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, const unsigned char *label, size_t label_len, size_t *olen, const unsigned char *input, @@ -2054,12 +2035,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, CC_UNUSED_PARAM(f_rng); CC_UNUSED_PARAM(p_rng); - // mbedtls supports decryption with public key, CC does not - if ( mode != MBEDTLS_RSA_PRIVATE ) - { - GOTO_END( CC_RSA_INVALID_DECRYPRION_MODE_ERROR ); - } - if( input == NULL || output == NULL ) { GOTO_END( CC_RSA_INVALID_PTR_ERROR ); @@ -2071,16 +2046,16 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, GOTO_END( Error ); } - if ( ctx->padding != MBEDTLS_RSA_PKCS_V21 ) + if ( ctx->MBEDTLS_PRIVATE(padding) != MBEDTLS_RSA_PKCS_V21 ) GOTO_END( CC_RSA_DATA_POINTER_INVALID_ERROR ); // Sanity check on input length, not sure it's needed - if( ctx->len < 16 || ctx->len > MBEDTLS_MPI_MAX_SIZE ) + if( ctx->MBEDTLS_PRIVATE(len) < 16 || ctx->MBEDTLS_PRIVATE(len) > MBEDTLS_MPI_MAX_SIZE ) { GOTO_END( CC_RSA_INVALID_MESSAGE_DATA_SIZE ); } - if ( ( Error = convert_mbedtls_md_type_to_cc_rsa_hash_opmode((mbedtls_md_type_t)ctx->hash_id, + if ( ( Error = convert_mbedtls_md_type_to_cc_rsa_hash_opmode((mbedtls_md_type_t)ctx->MBEDTLS_PRIVATE(hash_id), 0, // HashMode - before &hashOpMode, &hashOutputSizeBytes) ) != CC_OK ) @@ -2089,7 +2064,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, } // checking for integer underflow - if( 2 * hashOutputSizeBytes + 2 > ctx->len ) + if( 2 * hashOutputSizeBytes + 2 > ctx->MBEDTLS_PRIVATE(len) ) { GOTO_END( CC_RSA_INVALID_MESSAGE_DATA_SIZE ); } @@ -2126,7 +2101,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, label_len, CC_PKCS1_MGF1, (unsigned char *)input, // Need to remove the const-ness - ctx->len, + ctx->MBEDTLS_PRIVATE(len), output, olen); if ( Error != CC_OK) @@ -2142,7 +2117,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, Cleanup: if ( Error != CC_OK ) { - mbedtls_zeroize_internal(output, ctx->len); + mbedtls_zeroize_internal(output, ctx->MBEDTLS_PRIVATE(len)); } mbedtls_zeroize_internal(UserPrivKey_ptr, sizeof(CCRsaUserPrivKey_t)); mbedtls_zeroize_internal(PrimeData_ptr, sizeof(CCRsaPrimeData_t)); @@ -2160,7 +2135,6 @@ End: int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t *olen, const unsigned char *input, unsigned char *output, @@ -2180,12 +2154,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, CC_UNUSED_PARAM(f_rng); CC_UNUSED_PARAM(p_rng); - // mbedtls supports decryption with public key, CC does not - if (mode != MBEDTLS_RSA_PRIVATE) - { - GOTO_END( CC_RSA_INVALID_DECRYPRION_MODE_ERROR ); - } - if( input == NULL || output == NULL ) { GOTO_END( CC_RSA_INVALID_PTR_ERROR ); @@ -2198,13 +2166,13 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, GOTO_END( Error ); } - if( ctx->padding != MBEDTLS_RSA_PKCS_V15 ) + if( ctx->MBEDTLS_PRIVATE(padding) != MBEDTLS_RSA_PKCS_V15 ) { GOTO_END( CC_RSA_DATA_POINTER_INVALID_ERROR ); } // Sanity check on input length, not sure it's needed - if( ctx->len < 16 || ctx->len > MBEDTLS_MPI_MAX_SIZE ) + if( ctx->MBEDTLS_PRIVATE(len) < 16 || ctx->MBEDTLS_PRIVATE(len) > MBEDTLS_MPI_MAX_SIZE ) { GOTO_END( CC_RSA_INVALID_MESSAGE_DATA_SIZE ); } @@ -2237,7 +2205,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, Error = CC_RsaPkcs1V15Decrypt(UserPrivKey_ptr, PrimeData_ptr, (unsigned char *)input, // Need to remove the const-ness - ctx->len, + ctx->MBEDTLS_PRIVATE(len), output, olen); @@ -2254,7 +2222,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, Cleanup: if ( Error != CC_OK ) { - mbedtls_zeroize_internal(output, ctx->len); + mbedtls_zeroize_internal(output, ctx->MBEDTLS_PRIVATE(len)); } mbedtls_zeroize_internal(UserPrivKey_ptr, sizeof(CCRsaUserPrivKey_t)); mbedtls_zeroize_internal(PrimeData_ptr, sizeof(CCRsaPrimeData_t)); @@ -2272,7 +2240,7 @@ End: int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t *olen, + size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) @@ -2282,17 +2250,17 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } - switch( ctx->padding ) + switch( ctx->MBEDTLS_PRIVATE(padding) ) { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, mode, olen, + return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, olen, input, output, output_max_len ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, mode, NULL, 0, + return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, NULL, 0, olen, input, output, output_max_len ); #endif @@ -2309,7 +2277,6 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -2329,10 +2296,6 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, if (ctx == NULL){ GOTO_END( CC_RSA_INVALID_PTR_ERROR ); } - if (mode != MBEDTLS_RSA_PRIVATE) /* In cryptocell only private key operations are allowed with sign */ - { - GOTO_END( CC_RSA_WRONG_PRIVATE_KEY_TYPE ); - } if ( NULL == sig || NULL == hash ) { GOTO_END( CC_RSA_INVALID_PTR_ERROR ); @@ -2346,7 +2309,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, encoding. md_alg in the function call is the type of hash that is encoded. According to RFC 3447 it is advised to keep both hashes the same. */ - if ( md_alg != ( mbedtls_md_type_t ) ctx->hash_id ) + if ( md_alg != ( mbedtls_md_type_t ) ctx->MBEDTLS_PRIVATE(hash_id) ) { GOTO_END( CC_RSA_HASH_ILLEGAL_OPERATION_MODE_ERROR ); } @@ -2389,7 +2352,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, GOTO_CLEANUP( Error ); } - sig_size = mbedtls_mpi_size( ( const mbedtls_mpi *)&( ctx->N ) ); + sig_size = mbedtls_mpi_size( ( const mbedtls_mpi *)&( ctx->MBEDTLS_PRIVATE(N) ) ); Error = CC_RsaPssSign( &rndContext, UserContext_ptr, @@ -2421,7 +2384,6 @@ End: int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -2441,10 +2403,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, if (ctx == NULL){ GOTO_END( CC_RSA_INVALID_PTR_ERROR ); } - if (mode != MBEDTLS_RSA_PRIVATE) /* In cryptocell only private key operations are allowed with sign */ - { - GOTO_END( CC_RSA_WRONG_PRIVATE_KEY_TYPE ); - } if (NULL == sig || NULL == hash) { GOTO_END( CC_RSA_INVALID_PTR_ERROR ); @@ -2493,7 +2451,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, GOTO_CLEANUP(Error); } - sig_size = mbedtls_mpi_size( (const mbedtls_mpi *)&(ctx->N) ); + sig_size = mbedtls_mpi_size( (const mbedtls_mpi *)&(ctx->MBEDTLS_PRIVATE(N)) ); Error = CC_RsaPkcs1V15Sign(&rndContext, UserContext_ptr, UserPrivKey_ptr, @@ -2518,7 +2476,6 @@ End: int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -2529,17 +2486,17 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } - switch( ctx->padding ) + switch( ctx->MBEDTLS_PRIVATE(padding) ) { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg, + return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, md_alg, hashlen, hash, sig ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg, + return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg, hashlen, hash, sig ); #endif @@ -2553,9 +2510,6 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -2570,18 +2524,11 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, CCError_t Error = CC_OK; mbedtls_md_type_t mdType; - CC_UNUSED_PARAM(f_rng); - CC_UNUSED_PARAM(p_rng); - /* Check input parameters */ if (ctx == NULL){ GOTO_END( CC_RSA_WRONG_PRIVATE_KEY_TYPE ); } - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) /* In cryptocell only public key operations are allowed with verify */ - { - GOTO_END( CC_RSA_WRONG_PRIVATE_KEY_TYPE ); - } if (NULL == sig || NULL == hash) { GOTO_END( CC_RSA_INVALID_PTR_ERROR ); @@ -2639,9 +2586,6 @@ End: * Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -2652,10 +2596,10 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } - if (( ctx->hash_id != MBEDTLS_MD_NONE ) && ((mbedtls_md_type_t) ctx->hash_id != md_alg)){ + if (( ctx->MBEDTLS_PRIVATE(hash_id) != MBEDTLS_MD_NONE ) && ((mbedtls_md_type_t) ctx->MBEDTLS_PRIVATE(hash_id) != md_alg)){ return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode, + return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, md_alg, hashlen, hash, md_alg, MBEDTLS_RSA_SALT_LEN_ANY, sig ) ); @@ -2665,9 +2609,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, #if defined(MBEDTLS_PKCS1_V15) int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -2679,8 +2620,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, size_t hashOutputSizeBytes = 0; CCError_t Error = CC_OK; - CC_UNUSED_PARAM(f_rng); - CC_UNUSED_PARAM(p_rng); /* Check input parameters */ if (ctx == NULL){ GOTO_END( CC_RSA_INVALID_PTR_ERROR ); @@ -2702,10 +2641,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, { hashlen = hashOutputSizeBytes; } - if (mode != MBEDTLS_RSA_PUBLIC) /* In cryptocell only public key operations are allowed with verify */ - { - GOTO_END( CC_RSA_WRONG_PRIVATE_KEY_TYPE ); - } if (NULL == sig || NULL == hash) { GOTO_END( CC_RSA_INVALID_PTR_ERROR ); @@ -2748,9 +2683,6 @@ End: * Do an RSA operation and check the message digest */ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -2761,17 +2693,17 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } - switch( ctx->padding ) + switch( ctx->MBEDTLS_PRIVATE(padding) ) { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg, + return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, md_alg, hashlen, hash, sig ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg, + return mbedtls_rsa_rsassa_pss_verify( ctx, md_alg, hashlen, hash, sig ); #endif @@ -2791,32 +2723,32 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - dst->ver = src->ver; - dst->len = src->len; + dst->MBEDTLS_PRIVATE(ver) = src->MBEDTLS_PRIVATE(ver); + dst->MBEDTLS_PRIVATE(len) = src->MBEDTLS_PRIVATE(len); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->E, &src->E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(N), &src->MBEDTLS_PRIVATE(N) ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(E), &src->MBEDTLS_PRIVATE(E) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->D, &src->D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->P, &src->P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Q, &src->Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DP, &src->DP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DQ, &src->DQ ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->QP, &src->QP ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(D), &src->MBEDTLS_PRIVATE(D) ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(P), &src->MBEDTLS_PRIVATE(P) ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(Q), &src->MBEDTLS_PRIVATE(Q) ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(DP), &src->MBEDTLS_PRIVATE(DP) ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(DQ), &src->MBEDTLS_PRIVATE(DQ) ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(QP), &src->MBEDTLS_PRIVATE(QP) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RN, &src->RN ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RP, &src->RP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RQ, &src->RQ ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(RN), &src->MBEDTLS_PRIVATE(RN) ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(RP), &src->MBEDTLS_PRIVATE(RP) ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(RQ), &src->MBEDTLS_PRIVATE(RQ) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->NP, &src->NP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->BPP, &src->BPP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->BQP, &src->BQP ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(NP), &src->MBEDTLS_PRIVATE(NP) ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(BPP), &src->MBEDTLS_PRIVATE(BPP) ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(BQP), &src->MBEDTLS_PRIVATE(BQP) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vi, &src->Vi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vf, &src->Vf ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(Vi), &src->MBEDTLS_PRIVATE(Vi) ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->MBEDTLS_PRIVATE(Vf), &src->MBEDTLS_PRIVATE(Vf) ) ); - dst->padding = src->padding; - dst->hash_id = src->hash_id; + dst->MBEDTLS_PRIVATE(padding) = src->MBEDTLS_PRIVATE(padding); + dst->MBEDTLS_PRIVATE(hash_id) = src->MBEDTLS_PRIVATE(hash_id); cleanup: if( ret != 0 ) @@ -2831,15 +2763,15 @@ cleanup: void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) { if (ctx != NULL) { - mbedtls_mpi_free( &ctx->BQP ); mbedtls_mpi_free( &ctx->BPP ); mbedtls_mpi_free( &ctx->NP ); - mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf ); - mbedtls_mpi_free( &ctx->RQ ); mbedtls_mpi_free( &ctx->RP ); mbedtls_mpi_free( &ctx->RN ); - mbedtls_mpi_free( &ctx->QP ); mbedtls_mpi_free( &ctx->DQ ); mbedtls_mpi_free( &ctx->DP ); - mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P ); mbedtls_mpi_free( &ctx->D ); - mbedtls_mpi_free( &ctx->E ); mbedtls_mpi_free( &ctx->N ); + mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(BQP) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(BPP) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(NP) ); + mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(Vi) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(Vf) ); + mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(RQ) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(RP) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(RN) ); + mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(QP) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(DQ) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(DP) ); + mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(Q) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(P) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(D) ); + mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(E) ); mbedtls_mpi_free( &ctx->MBEDTLS_PRIVATE(N) ); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free( &ctx->mutex ); + mbedtls_mutex_free( &ctx->MBEDTLS_PRIVATE(mutex) ); #endif } } @@ -2856,17 +2788,17 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } - if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) || - ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) || - ( Q != NULL && ( ret = mbedtls_mpi_copy( &ctx->Q, Q ) ) != 0 ) || - ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) || - ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) ) + if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->MBEDTLS_PRIVATE(N), N ) ) != 0 ) || + ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->MBEDTLS_PRIVATE(P), P ) ) != 0 ) || + ( Q != NULL && ( ret = mbedtls_mpi_copy( &ctx->MBEDTLS_PRIVATE(Q), Q ) ) != 0 ) || + ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->MBEDTLS_PRIVATE(D), D ) ) != 0 ) || + ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->MBEDTLS_PRIVATE(E), E ) ) != 0 ) ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } if( N != NULL ) - ctx->len = mbedtls_mpi_size( &ctx->N ); + ctx->MBEDTLS_PRIVATE(len) = mbedtls_mpi_size( &ctx->MBEDTLS_PRIVATE(N) ); return( 0 ); } @@ -2886,21 +2818,21 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, if( N != NULL ) { - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->N, N, N_len ) ); - ctx->len = mbedtls_mpi_size( &ctx->N ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->MBEDTLS_PRIVATE(N), N, N_len ) ); + ctx->MBEDTLS_PRIVATE(len) = mbedtls_mpi_size( &ctx->MBEDTLS_PRIVATE(N) ); } if( P != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->P, P, P_len ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->MBEDTLS_PRIVATE(P), P, P_len ) ); if( Q != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->Q, Q, Q_len ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->MBEDTLS_PRIVATE(Q), Q, Q_len ) ); if( D != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->D, D, D_len ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->MBEDTLS_PRIVATE(D), D, D_len ) ); if( E != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->E, E, E_len ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->MBEDTLS_PRIVATE(E), E, E_len ) ); cleanup: @@ -2939,8 +2871,8 @@ static int mbedtls_alt_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi * return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; } - tempBufSize = P->n; - sizeBitsP = P->n*sizeof(uint32_t)*8; + tempBufSize = P->MBEDTLS_PRIVATE(n); + sizeBitsP = P->MBEDTLS_PRIVATE(n)*sizeof(uint32_t)*8; ret = PkaInitAndMutexLock(2*sizeBitsP, ®Count); if (ret != 0) @@ -2954,9 +2886,9 @@ static int mbedtls_alt_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi * } PKA_SET_REG_SIZE(sizeBitsP, PLEN_ID); - PkaCopyDataIntoPkaReg(rP, REG_LEN_ID, P->p, P->n); - PkaCopyDataIntoPkaReg(rQ, REG_LEN_ID, Q->p, Q->n); - PkaCopyDataIntoPkaReg(rD, REG_LEN_ID, D->p, D->n); + PkaCopyDataIntoPkaReg(rP, REG_LEN_ID, P->MBEDTLS_PRIVATE(p), P->MBEDTLS_PRIVATE(n)); + PkaCopyDataIntoPkaReg(rQ, REG_LEN_ID, Q->MBEDTLS_PRIVATE(p), Q->MBEDTLS_PRIVATE(n)); + PkaCopyDataIntoPkaReg(rD, REG_LEN_ID, D->MBEDTLS_PRIVATE(p), D->MBEDTLS_PRIVATE(n)); ret = PkaCalcNpIntoPkaReg(PLEN_ID, sizeBitsP, rP/*regN*/, regNp, rT1, rT2 ); if (ret != 0) @@ -2979,14 +2911,14 @@ static int mbedtls_alt_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi * PKA_ADD_IM(MOD_LEN_ID, rP, rP, 1); PKA_ADD_IM(MOD_LEN_ID, rQ, rQ, 1); PKA_MOD_INV(PLEN_ID, rT3/*res*/, rQ); // rT3 = Q^-1 mod P - PkaCopyDataFromPkaReg(pTempBuf, P->n, rT1); - MBEDTLS_MPI_CHK(mbedtls_rsa_uint32_buf_to_mpi( DP, pTempBuf, P->n )); + PkaCopyDataFromPkaReg(pTempBuf, P->MBEDTLS_PRIVATE(n), rT1); + MBEDTLS_MPI_CHK(mbedtls_rsa_uint32_buf_to_mpi( DP, pTempBuf, P->MBEDTLS_PRIVATE(n) )); - PkaCopyDataFromPkaReg(pTempBuf, P->n, rT2); - MBEDTLS_MPI_CHK(mbedtls_rsa_uint32_buf_to_mpi( DQ, pTempBuf, P->n )); + PkaCopyDataFromPkaReg(pTempBuf, P->MBEDTLS_PRIVATE(n), rT2); + MBEDTLS_MPI_CHK(mbedtls_rsa_uint32_buf_to_mpi( DQ, pTempBuf, P->MBEDTLS_PRIVATE(n) )); - PkaCopyDataFromPkaReg (pTempBuf, P->n, rT3); - MBEDTLS_MPI_CHK(mbedtls_rsa_uint32_buf_to_mpi( QP, pTempBuf, P->n )); + PkaCopyDataFromPkaReg (pTempBuf, P->MBEDTLS_PRIVATE(n), rT3); + MBEDTLS_MPI_CHK(mbedtls_rsa_uint32_buf_to_mpi( QP, pTempBuf, P->MBEDTLS_PRIVATE(n) )); cleanup: PkaFinishAndMutexUnlock(regCount); @@ -3027,14 +2959,14 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) } - have_N = mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0; - have_P = mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0; - have_Q = mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0; - have_D = mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0; - have_E = mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; - have_DP = mbedtls_mpi_cmp_int( &ctx->DP, 0 ) != 0; - have_DQ = mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) != 0; - have_QP = mbedtls_mpi_cmp_int( &ctx->QP, 0 ) != 0; + have_N = mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(N), 0 ) != 0; + have_P = mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(P), 0 ) != 0; + have_Q = mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(Q), 0 ) != 0; + have_D = mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(D), 0 ) != 0; + have_E = mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(E), 0 ) != 0; + have_DP = mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(DP), 0 ) != 0; + have_DQ = mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(DQ), 0 ) != 0; + have_QP = mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(QP), 0 ) != 0; /* * 1. The user may insert N, D, E and the complete function will not derive the P and Q from it. @@ -3069,13 +3001,13 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) //if N is requested to be calculated from P and Q, it will be done by sw if( !have_N && have_P && have_Q ) { - if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, - &ctx->Q ) ) != 0 ) + if( ( ret = mbedtls_mpi_mul_mpi( &ctx->MBEDTLS_PRIVATE(N), &ctx->MBEDTLS_PRIVATE(P), + &ctx->MBEDTLS_PRIVATE(Q) ) ) != 0 ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } - ctx->len = mbedtls_mpi_size( &ctx->N ); + ctx->MBEDTLS_PRIVATE(len) = mbedtls_mpi_size( &ctx->MBEDTLS_PRIVATE(N) ); } /* @@ -3087,8 +3019,8 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) if (( is_priv ) && (crt_missing)) { - ret = mbedtls_alt_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, - &ctx->DP, &ctx->DQ, &ctx->QP ); + ret = mbedtls_alt_rsa_deduce_crt( &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q), &ctx->MBEDTLS_PRIVATE(D), + &ctx->MBEDTLS_PRIVATE(DP), &ctx->MBEDTLS_PRIVATE(DQ), &ctx->MBEDTLS_PRIVATE(QP) ); if( ret != 0 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } @@ -3118,11 +3050,11 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, /* Check if key is private or public */ is_priv = - mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(N), 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(P), 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(Q), 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(D), 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(E), 0 ) != 0; if( !is_priv ) { @@ -3134,19 +3066,19 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, } if( N != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->N, N, N_len ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(N), N, N_len ) ); if( P != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->P, P, P_len ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(P), P, P_len ) ); if( Q != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->Q, Q, Q_len ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(Q), Q, Q_len ) ); if( D != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->D, D, D_len ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(D), D, D_len ) ); if( E != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->E, E, E_len ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->MBEDTLS_PRIVATE(E), E, E_len ) ); cleanup: @@ -3167,11 +3099,11 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, /* Check if key is private or public */ is_priv = - mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(N), 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(P), 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(Q), 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(D), 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(E), 0 ) != 0; if( !is_priv ) { @@ -3183,11 +3115,11 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, } /* Export all requested core parameters. */ - if( ( N != NULL && ( ret = mbedtls_mpi_copy( N, &ctx->N ) ) != 0 ) || - ( P != NULL && ( ret = mbedtls_mpi_copy( P, &ctx->P ) ) != 0 ) || - ( Q != NULL && ( ret = mbedtls_mpi_copy( Q, &ctx->Q ) ) != 0 ) || - ( D != NULL && ( ret = mbedtls_mpi_copy( D, &ctx->D ) ) != 0 ) || - ( E != NULL && ( ret = mbedtls_mpi_copy( E, &ctx->E ) ) != 0 ) ) + if( ( N != NULL && ( ret = mbedtls_mpi_copy( N, &ctx->MBEDTLS_PRIVATE(N) ) ) != 0 ) || + ( P != NULL && ( ret = mbedtls_mpi_copy( P, &ctx->MBEDTLS_PRIVATE(P) ) ) != 0 ) || + ( Q != NULL && ( ret = mbedtls_mpi_copy( Q, &ctx->MBEDTLS_PRIVATE(Q) ) ) != 0 ) || + ( D != NULL && ( ret = mbedtls_mpi_copy( D, &ctx->MBEDTLS_PRIVATE(D) ) ) != 0 ) || + ( E != NULL && ( ret = mbedtls_mpi_copy( E, &ctx->MBEDTLS_PRIVATE(E) ) ) != 0 ) ) { return( ret ); } @@ -3208,25 +3140,25 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, /* Check if key is private or public */ is_priv = - mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(N), 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(P), 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(Q), 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(D), 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->MBEDTLS_PRIVATE(E), 0 ) != 0; if( !is_priv ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); #if !defined(MBEDTLS_RSA_NO_CRT) /* Export all requested blinding parameters. */ - if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->DP ) ) != 0 ) || - ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) || - ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) ) + if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->MBEDTLS_PRIVATE(DP) ) ) != 0 ) || + ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->MBEDTLS_PRIVATE(DQ) ) ) != 0 ) || + ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->MBEDTLS_PRIVATE(QP) ) ) != 0 ) ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } #else - if( ( ret = mbedtls_alt_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, + if( ( ret = mbedtls_alt_rsa_deduce_crt( &ctx->MBEDTLS_PRIVATE(P), &ctx->MBEDTLS_PRIVATE(Q), &ctx->MBEDTLS_PRIVATE(D), DP, DQ, QP ) ) != 0 ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); @@ -3246,7 +3178,7 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ) return 0; } - return( ctx->len ); + return( ctx->MBEDTLS_PRIVATE(len) ); } /**************************************************************************************/ diff --git a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/sha256_alt.c b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/sha256_alt.c index 4b9c29e9a3..70ed813346 100644 --- a/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/sha256_alt.c +++ b/lib/ext/cryptocell-312-runtime/codesafe/src/mbedtls_api/sha256_alt.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -47,7 +47,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, /* * SHA-256 context setup */ -int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) +int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) { int ret; @@ -84,7 +84,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned } -int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ) { int ret; @@ -101,7 +101,7 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char /* * SHA-256 final digest */ -int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ) +int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ) { int ret; HashContext_t *pHashCtx = NULL; diff --git a/lib/ext/cryptocell-312-runtime/host/src/tests/integration_cc3x/runtime_integration_test/run_integration_test.c b/lib/ext/cryptocell-312-runtime/host/src/tests/integration_cc3x/runtime_integration_test/run_integration_test.c index bdce8490ab..f8d038e900 100644 --- a/lib/ext/cryptocell-312-runtime/host/src/tests/integration_cc3x/runtime_integration_test/run_integration_test.c +++ b/lib/ext/cryptocell-312-runtime/host/src/tests/integration_cc3x/runtime_integration_test/run_integration_test.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -657,11 +657,11 @@ static void runIt_regApi(void) RUNIT_PERF_REG_API(mbedtls_sha1_update_ret , gCompConf.sha1); RUNIT_PERF_REG_API(mbedtls_sha256 , gCompConf.sha256); RUNIT_PERF_REG_API(mbedtls_sha256_clone , gCompConf.sha256); - RUNIT_PERF_REG_API(mbedtls_sha256_finish_ret , gCompConf.sha256); + RUNIT_PERF_REG_API(mbedtls_sha256_finish , gCompConf.sha256); RUNIT_PERF_REG_API(mbedtls_sha256_free , gCompConf.sha256); RUNIT_PERF_REG_API(mbedtls_sha256_init , gCompConf.sha256); - RUNIT_PERF_REG_API(mbedtls_sha256_starts_ret , gCompConf.sha256); - RUNIT_PERF_REG_API(mbedtls_sha256_update_ret , gCompConf.sha256); + RUNIT_PERF_REG_API(mbedtls_sha256_starts , gCompConf.sha256); + RUNIT_PERF_REG_API(mbedtls_sha256_update , gCompConf.sha256); RUNIT_PERF_REG_API(mbedtls_sha512 , gCompConf.sha512); RUNIT_PERF_REG_API(mbedtls_sha512_clone , gCompConf.sha512); RUNIT_PERF_REG_API(mbedtls_sha512_finish , gCompConf.sha512); diff --git a/lib/ext/cryptocell-312-runtime/host/src/tests/integration_cc3x/runtime_integration_test/tests/run_integration_sha.c b/lib/ext/cryptocell-312-runtime/host/src/tests/integration_cc3x/runtime_integration_test/tests/run_integration_sha.c index 20871b0311..efb901c49e 100644 --- a/lib/ext/cryptocell-312-runtime/host/src/tests/integration_cc3x/runtime_integration_test/tests/run_integration_sha.c +++ b/lib/ext/cryptocell-312-runtime/host/src/tests/integration_cc3x/runtime_integration_test/tests/run_integration_sha.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -119,10 +119,10 @@ static RunItError_t runIt_sha224Test(void) /* Initialize sha engine */ RUNIT_API(mbedtls_sha256_init(pCtx)); - RUNIT_ASSERT(mbedtls_sha256_starts_ret(pCtx, IS_SHA_224) == 0); - RUNIT_ASSERT(mbedtls_sha256_update_ret(pCtx, (const unsigned char*)INPUT_MESSAGE, strlen(INPUT_MESSAGE)) == 0); + RUNIT_ASSERT(mbedtls_sha256_starts(pCtx, IS_SHA_224) == 0); + RUNIT_ASSERT(mbedtls_sha256_update(pCtx, (const unsigned char*)INPUT_MESSAGE, strlen(INPUT_MESSAGE)) == 0); RUNIT_API(mbedtls_sha256_clone(pCtxCloned, pCtx)); - RUNIT_ASSERT(mbedtls_sha256_finish_ret(pCtxCloned, sha224sum) == 0); + RUNIT_ASSERT(mbedtls_sha256_finish(pCtxCloned, sha224sum) == 0); RUNIT_PRINT_BUF(sha224sum, 28, "result"); @@ -174,10 +174,10 @@ static RunItError_t runIt_sha256Test(void) /* Initialize sha engine */ RUNIT_API(mbedtls_sha256_init(pCtx)); - RUNIT_ASSERT(mbedtls_sha256_starts_ret(pCtx, IS_SHA_224) == 0); - RUNIT_ASSERT(mbedtls_sha256_update_ret(pCtx, (const unsigned char*)INPUT_MESSAGE, strlen(INPUT_MESSAGE)) == 0); + RUNIT_ASSERT(mbedtls_sha256_starts(pCtx, IS_SHA_224) == 0); + RUNIT_ASSERT(mbedtls_sha256_update(pCtx, (const unsigned char*)INPUT_MESSAGE, strlen(INPUT_MESSAGE)) == 0); RUNIT_API(mbedtls_sha256_clone(pCtxCloned, pCtx)); - RUNIT_ASSERT(mbedtls_sha256_finish_ret(pCtxCloned, sha256sum) == 0); + RUNIT_ASSERT(mbedtls_sha256_finish(pCtxCloned, sha256sum) == 0); RUNIT_PRINT_BUF(sha256sum, 32, "result"); diff --git a/lib/ext/cryptocell-312-runtime/shared/include/mbedtls/rsa_alt.h b/lib/ext/cryptocell-312-runtime/shared/include/mbedtls/rsa_alt.h index 2eef06935a..c2f5b687bc 100644 --- a/lib/ext/cryptocell-312-runtime/shared/include/mbedtls/rsa_alt.h +++ b/lib/ext/cryptocell-312-runtime/shared/include/mbedtls/rsa_alt.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2001-2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -29,40 +29,40 @@ extern "C" { */ typedef struct { - int ver; /*!< always 0 */ - size_t len; /*!< size(N) in chars */ + int MBEDTLS_PRIVATE(ver); /*!< always 0 */ + size_t MBEDTLS_PRIVATE(len); /*!< size(N) in chars */ - mbedtls_mpi N; /*!< public modulus */ - mbedtls_mpi E; /*!< public exponent */ + mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< public modulus */ + mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< public exponent */ - mbedtls_mpi D; /*!< private exponent */ - mbedtls_mpi P; /*!< 1st prime factor */ - mbedtls_mpi Q; /*!< 2nd prime factor */ + mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< private exponent */ + mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< 1st prime factor */ + mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< 2nd prime factor */ - mbedtls_mpi DP; /*!< D % (P - 1) */ - mbedtls_mpi DQ; /*!< D % (Q - 1) */ - mbedtls_mpi QP; /*!< 1 / (Q % P) */ + mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< D % (P - 1) */ + mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< D % (Q - 1) */ + mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< 1 / (Q % P) */ - mbedtls_mpi RN; /*!< cached R^2 mod N */ + mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached R^2 mod N */ - mbedtls_mpi RP; /*!< cached R^2 mod P */ - mbedtls_mpi RQ; /*!< cached R^2 mod Q */ + mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached R^2 mod P */ + mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached R^2 mod Q */ - mbedtls_mpi Vi; /*!< cached blinding value */ - mbedtls_mpi Vf; /*!< cached un-blinding value */ + mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< cached blinding value */ + mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< cached un-blinding value */ - mbedtls_mpi NP; /*!< Barrett mod N tag NP for N-modulus */ - mbedtls_mpi BQP; /*!< Barrett mod Q tag QP for Q-factor */ - mbedtls_mpi BPP; /*!< Barrett mod P tag PP for P-factor */ + mbedtls_mpi MBEDTLS_PRIVATE(NP); /*!< Barrett mod N tag NP for N-modulus */ + mbedtls_mpi MBEDTLS_PRIVATE(BQP); /*!< Barrett mod Q tag QP for Q-factor */ + mbedtls_mpi MBEDTLS_PRIVATE(BPP); /*!< Barrett mod P tag PP for P-factor */ - int padding; /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and + int MBEDTLS_PRIVATE(padding); /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */ - int hash_id; /*!< Hash identifier of mbedtls_md_type_t as + int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t as specified in the mbedtls_md.h header file for the EME-OAEP and EMSA-PSS encoding */ #if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex */ + mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex */ #endif } mbedtls_rsa_context; |