Merge pull request #4576 from gilles-peskine-arm/psa_key_derivation-bad_workflow-20210527
PSA key derivation bad-workflow tests
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..b9f1468
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,35 @@
+---
+name: Bug report
+about: To report a bug, please fill this form.
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+### Summary
+
+
+
+### System information
+
+Mbed TLS version (number or commit id):
+Operating system and version:
+Configuration (if not default, please attach `config.h`):
+Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
+Additional environment information:
+
+### Expected behavior
+
+
+
+### Actual behavior
+
+
+
+### Steps to reproduce
+
+
+
+### Additional information
+
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000..63076f4
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+ - name: Mbed TLS security team
+ url: mailto:mbed-tls-security@lists.trustedfirmware.org
+ about: Report a security vulnerability.
+ - name: Mbed TLS mailing list
+ url: https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
+ about: Mbed TLS community support and general discussion.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 0000000..3b51513
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,17 @@
+---
+name: Enhancement request
+about: To request an enhancement, please fill this form.
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+### Suggested enhancement
+
+
+
+### Justification
+
+Mbed TLS needs this because
+
diff --git a/.github/issue_template.md b/.github/issue_template.md
deleted file mode 100644
index 370066f..0000000
--- a/.github/issue_template.md
+++ /dev/null
@@ -1,46 +0,0 @@
-_Note:_ this is a template, please remove the parts that are not
-applicable (these initial notes, and the "Bug" section for a Feature request
-and vice-versa).
-
-**Note:** to report a security vulnerability, see
-[SECURITY.md](../SECURITY.md). Please do not use github issues for
-vulnerabilities.
-
-_Note:_ to get support, see [SUPPORT.md](../SUPPORT.md). Please do not use
-github issues for questions.
-
----------------------------------------------------------------
-### Description
-- Type: Bug | Enhancement / Feature Request
-- Priority: Blocker | Major | Minor
-
----------------------------------------------------------------
-## Bug
-
-**OS**
-Mbed OS|linux|windows|
-
-**mbed TLS build:**
-Version: x.x.x or git commit id
-OS version: x.x.x
-Configuration: please attach config.h file where possible
-Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
-Additional environment information:
-
-**Peer device TLS stack and version**
-OpenSSL|GnuTls|Chrome|NSS(Firefox)|SecureChannel (IIS/Internet Explorer/Edge)|Other
-Version:
-
-**Expected behavior**
-
-**Actual behavior**
-
-**Steps to reproduce**
-
-----------------------------------------------------------------
-## Enhancement / Feature Request
-
-**Suggested enhancement**
-
-**Justification - why does the library need this feature?**
-
diff --git a/.travis.yml b/.travis.yml
index 542f705..48faa48 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -28,12 +28,6 @@
script:
- tests/scripts/all.sh -k test_full_cmake_gcc_asan
- - name: macOS
- os: osx
- compiler: clang
- script:
- - tests/scripts/all.sh -k test_default_out_of_box
-
- name: Windows
os: windows
before_install:
diff --git a/BRANCHES.md b/BRANCHES.md
index 8486ef0..b9926ac 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -16,9 +16,10 @@
these only get bug fixes and security fixes.
We use [Semantic Versioning](https://semver.org/). In particular, we maintain
-API compatibility in the `master` branch between major version changes. We
-also maintain ABI compatibility within LTS branches; see the next section for
-details.
+API compatibility in the `master` branch across minor version changes (e.g.
+the API of 3.(x+1) is backward compatible with 3.x). We only break API
+compatibility on major version changes (e.g. from 3.x to 4.0). We also maintain
+ABI compatibility within LTS branches; see the next section for details.
## Backwards Compatibility
@@ -28,11 +29,28 @@
modification with any later release x.y'.z' with the same major version
number, and your code will still build, be secure, and work.
-There are rare exceptions: code that was relying on something that became
-insecure in the meantime (for example, crypto that was found to be weak) may
-need to be changed. In case security comes in conflict with backwards
-compatibility, we will put security first, but always attempt to provide a
-compatibility option.
+Note that new releases of Mbed TLS may extend the API. Here are some
+examples of changes that are common in minor releases of Mbed TLS, and are
+not considered API compatibility breaks:
+
+* Adding or reordering fields in a structure or union.
+* Removing a field from a structure, unless the field is documented as public.
+* Adding items to an enum.
+* Returning an error code that was not previously documented for a function
+ when a new error condition arises.
+* Changing which error code is returned in a case where multiple error
+ conditions apply.
+* Changing the behavior of a function from failing to succeeding, when the
+ change is a reasonable extension of the current behavior, i.e. the
+ addition of a new feature.
+
+There are rare exceptions where we break API compatibility: code that was
+relying on something that became insecure in the meantime (for example,
+crypto that was found to be weak) may need to be changed. In case security
+comes in conflict with backwards compatibility, we will put security first,
+but always attempt to provide a compatibility option.
+
+## Long-time support branches
For the LTS branches, additionally we try very hard to also maintain ABI
compatibility (same definition as API except with re-linking instead of
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f648f22..efe3cab 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -16,7 +16,9 @@
# mbedtls, mbedx509, mbedcrypto and apidoc targets.
#
-cmake_minimum_required(VERSION 2.8.12)
+# We specify a minimum requirement of 3.10.2, but for now use 3.5.1 here
+# until our infrastructure catches up.
+cmake_minimum_required(VERSION 3.5.1)
# https://cmake.org/cmake/help/latest/policy/CMP0011.html
# Setting this policy is required in CMake >= 3.18.0, otherwise a warning is generated. The OLD
diff --git a/ChangeLog b/ChangeLog
index dc6e451..ddaf3fd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,7 +22,7 @@
Various helpers and definitions available for use in alt implementations
have been moved out of the include/ directory and into the library/
directory. The files concerned are ecp_internal.h and rsa_internal.h
- which have also been renamed to ecp_alt.h and rsa_alt_helpers.h
+ which have also been renamed to ecp_internal_alt.h and rsa_alt_helpers.h
respectively.
* Move internal headers.
Header files that were only meant for the library's internal use and
diff --git a/ChangeLog.d/alt-context-relaxation.txt b/ChangeLog.d/alt-context-relaxation.txt
new file mode 100644
index 0000000..10fd476
--- /dev/null
+++ b/ChangeLog.d/alt-context-relaxation.txt
@@ -0,0 +1,6 @@
+Features
+ * Alternative implementations of the AES, DHM, ECJPAKE, ECP, RSA and timing
+ modules had undocumented constraints on their context types. These
+ constraints have been relaxed.
+ See docs/architecture/alternative-implementations.md for the remaining
+ constraints.
diff --git a/ChangeLog.d/cipher-delayed-output.txt b/ChangeLog.d/cipher-delayed-output.txt
new file mode 100644
index 0000000..4ca3a0c
--- /dev/null
+++ b/ChangeLog.d/cipher-delayed-output.txt
@@ -0,0 +1,6 @@
+API changes
+ * For multi-part AEAD operations with the cipher module, calling
+ mbedtls_cipher_finish() is now mandatory. Previously the documentation
+ was unclear on this point, and this function happened to never do
+ anything with the currently implemented AEADs, so in practice it was
+ possible to skip calling it, which is no longer supported.
diff --git a/ChangeLog.d/dhm-fields.txt b/ChangeLog.d/dhm-fields.txt
new file mode 100644
index 0000000..4d5c751
--- /dev/null
+++ b/ChangeLog.d/dhm-fields.txt
@@ -0,0 +1,9 @@
+Features
+ * The new functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen()
+ query the size of the modulus in a Diffie-Hellman context.
+ * The new function mbedtls_dhm_get_value() copy a field out of a
+ Diffie-Hellman context.
+
+API changes
+ * Instead of accessing the len field of a DHM context, which is no longer
+ supported, use the new function mbedtls_dhm_get_len() .
diff --git a/ChangeLog.d/ecjpake-point_format.txt b/ChangeLog.d/ecjpake-point_format.txt
new file mode 100644
index 0000000..6e05b23
--- /dev/null
+++ b/ChangeLog.d/ecjpake-point_format.txt
@@ -0,0 +1,4 @@
+Features
+ * Use the new function mbedtls_ecjpake_set_point_format() to select the
+ point format for ECJPAKE instead of accessing the point_format field
+ directly, which is no longer supported.
diff --git a/ChangeLog.d/ecp_max_bits.txt b/ChangeLog.d/ecp_max_bits.txt
new file mode 100644
index 0000000..b952469
--- /dev/null
+++ b/ChangeLog.d/ecp_max_bits.txt
@@ -0,0 +1,3 @@
+Removals
+ * MBEDTLS_ECP_MAX_BITS is no longer a configuration option because it is
+ now determined automatically based on supported curves.
diff --git a/ChangeLog.d/fix-ssl-cf-hmac-alt.txt b/ChangeLog.d/fix-ssl-cf-hmac-alt.txt
new file mode 100644
index 0000000..57ffa02
--- /dev/null
+++ b/ChangeLog.d/fix-ssl-cf-hmac-alt.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites
+ (when the encrypt-then-MAC extension is not in use) with some ALT
+ implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing
+ the affected side to wrongly reject valid messages. Fixes #4118.
diff --git a/ChangeLog.d/issue4055.txt b/ChangeLog.d/issue4055.txt
new file mode 100644
index 0000000..e9bd1d1
--- /dev/null
+++ b/ChangeLog.d/issue4055.txt
@@ -0,0 +1,3 @@
+API changes
+ * The function mbedtls_x509write_csr_set_extension() has an extra parameter
+ which allows to mark an extension as critical. Fixes #4055.
diff --git a/ChangeLog.d/issue4128.txt b/ChangeLog.d/issue4128.txt
new file mode 100644
index 0000000..bc41874
--- /dev/null
+++ b/ChangeLog.d/issue4128.txt
@@ -0,0 +1,4 @@
+API changes
+ * The option MBEDTLS_ECP_FIXED_POINT_OPTIM use pre-computed comb tables
+ instead of computing tables in runtime. Thus, this option now increase
+ code size, and it does not increase RAM usage in runtime anymore.
diff --git a/ChangeLog.d/issue4212.txt b/ChangeLog.d/issue4212.txt
new file mode 100644
index 0000000..9e72ca9
--- /dev/null
+++ b/ChangeLog.d/issue4212.txt
@@ -0,0 +1,6 @@
+API changes
+ * In modules that implement cryptographic hash functions, many functions
+ mbedtls_xxx() now return int instead of void, and the corresponding
+ function mbedtls_xxx_ret() which was identical except for returning int
+ has been removed. This also concerns mbedtls_xxx_drbg_update(). See the
+ migration guide for more information. Fixes #4212.
diff --git a/ChangeLog.d/issue4286.txt b/ChangeLog.d/issue4286.txt
index 68eb667..75d2f09 100644
--- a/ChangeLog.d/issue4286.txt
+++ b/ChangeLog.d/issue4286.txt
@@ -1,11 +1,10 @@
Removals
- * Remove the TLS 1.0, TLS 1.1 and DTLS 1.0 support by removing the following
- deprecated library constants: MBEDTLS_SSL_PROTO_TLS1,
- MBEDTLS_SSL_PROTO_TLS1_1, MBEDTLS_SSL_CBC_RECORD_SPLITTING,
- MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED,
- MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED, MBEDTLS_SSL_RECORD_CHECKING,
- MBEDTLS_SSL_FALLBACK_SCSV, MBEDTLS_SSL_FALLBACK_SCSV_VALUE,
- MBEDTLS_SSL_IS_FALLBACK, MBEDTLS_SSL_IS_NOT_FALLBACK, and functions:
+ * Remove support for TLS 1.0, TLS 1.1 and DTLS 1.0, as well as support for
+ CBC record splitting, fallback SCSV, and the ability to configure
+ ciphersuites per version, which are no longer relevant. This removes the
+ configuration options MBEDTLS_SSL_PROTO_TLS1,
+ MBEDTLS_SSL_PROTO_TLS1_1, MBEDTLS_SSL_CBC_RECORD_SPLITTING and
+ MBEDTLS_SSL_FALLBACK_SCSV as well as the functions
mbedtls_ssl_conf_cbc_record_splitting(),
- mbedtls_ssl_get_key_exchange_md_ssl_tls(), mbedtls_ssl_conf_fallback().
- Fixes #4286.
+ mbedtls_ssl_get_key_exchange_md_ssl_tls(), mbedtls_ssl_conf_fallback(),
+ and mbedtls_ssl_conf_ciphersuites_for_version(). Fixes #4286.
diff --git a/ChangeLog.d/issue4313.txt b/ChangeLog.d/issue4313.txt
new file mode 100644
index 0000000..1fb6123
--- /dev/null
+++ b/ChangeLog.d/issue4313.txt
@@ -0,0 +1,4 @@
+Removals
+ * Remove the following macros: MBEDTLS_CHECK_PARAMS,
+ MBEDTLS_CHECK_PARAMS_ASSERT, MBEDTLS_PARAM_FAILED,
+ MBEDTLS_PARAM_FAILED_ALT. Fixes #4313.
diff --git a/ChangeLog.d/issue4335.txt b/ChangeLog.d/issue4335.txt
new file mode 100644
index 0000000..fe9b7af
--- /dev/null
+++ b/ChangeLog.d/issue4335.txt
@@ -0,0 +1,4 @@
+Changes
+ * Replace MBEDTLS_SSL_CID_PADDING_GRANULARITY and
+ MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY with a new single unified option
+ MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY. Fixes #4335.
diff --git a/ChangeLog.d/issue4367.txt b/ChangeLog.d/issue4367.txt
new file mode 100644
index 0000000..9012fc0
--- /dev/null
+++ b/ChangeLog.d/issue4367.txt
@@ -0,0 +1,13 @@
+Removals
+ * Remove all the 3DES ciphersuites:
+ MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+ MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA. Remove the
+ MBEDTLS_REMOVE_3DES_CIPHERSUITES option which is no longer relevant.
+ Fixes #4367.
diff --git a/ChangeLog.d/issue4378.txt b/ChangeLog.d/issue4378.txt
new file mode 100644
index 0000000..9a7522b
--- /dev/null
+++ b/ChangeLog.d/issue4378.txt
@@ -0,0 +1,4 @@
+Removals
+ * Remove the MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION config.h
+ option. The mbedtls_x509_crt_parse_der_with_ext_cb() is the way to go for
+ migration path. Fixes #4378.
diff --git a/ChangeLog.d/issue4386.txt b/ChangeLog.d/issue4386.txt
new file mode 100644
index 0000000..9e61fdb
--- /dev/null
+++ b/ChangeLog.d/issue4386.txt
@@ -0,0 +1,3 @@
+Removals
+ * Remove the MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option and let the code
+ behave as if it was always disabled. Fixes #4386.
diff --git a/ChangeLog.d/issue4398.txt b/ChangeLog.d/issue4398.txt
new file mode 100644
index 0000000..b7f2413
--- /dev/null
+++ b/ChangeLog.d/issue4398.txt
@@ -0,0 +1,3 @@
+API changes
+ * Replace MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE by a runtime
+ configuration function mbedtls_ssl_conf_preference_order(). Fixes #4398.
diff --git a/ChangeLog.d/issue4403.txt b/ChangeLog.d/issue4403.txt
new file mode 100644
index 0000000..08ac60e
--- /dev/null
+++ b/ChangeLog.d/issue4403.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove the MBEDTLS_SSL_DTLS_BADMAC_LIMIT config.h option. Fixes #4403.
diff --git a/ChangeLog.d/issue4405.txt b/ChangeLog.d/issue4405.txt
new file mode 100644
index 0000000..c36aefa
--- /dev/null
+++ b/ChangeLog.d/issue4405.txt
@@ -0,0 +1,4 @@
+Removals
+ * Remove the MBEDTLS_X509_CHECK_KEY_USAGE and
+ MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE config.h options and let the code
+ behave as if they were always enabled. Fixes #4405.
diff --git a/ChangeLog.d/max-record-payload-api.txt b/ChangeLog.d/max-record-payload-api.txt
new file mode 100644
index 0000000..02b47e4
--- /dev/null
+++ b/ChangeLog.d/max-record-payload-api.txt
@@ -0,0 +1,9 @@
+API changes
+ * Remove the SSL APIs mbedtls_ssl_get_input_max_frag_len() and
+ mbedtls_ssl_get_output_max_frag_len(), and add a new API
+ mbedtls_ssl_get_max_in_record_payload(), complementing the existing
+ mbedtls_ssl_get_max_out_record_payload().
+ Uses of mbedtls_ssl_get_input_max_frag_len() and
+ mbedtls_ssl_get_input_max_frag_len() should be replaced by
+ mbedtls_ssl_get_max_in_record_payload() and
+ mbedtls_ssl_get_max_out_record_payload(), respectively.
diff --git a/ChangeLog.d/mbed-can-do-timing.txt b/ChangeLog.d/mbed-can-do-timing.txt
new file mode 100644
index 0000000..d83da02
--- /dev/null
+++ b/ChangeLog.d/mbed-can-do-timing.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Remove outdated check-config.h check that prevented implementing the
+ timing module on Mbed OS. Fixes #4633.
diff --git a/ChangeLog.d/mpi_random.txt b/ChangeLog.d/mpi_random.txt
new file mode 100644
index 0000000..9e6a416
--- /dev/null
+++ b/ChangeLog.d/mpi_random.txt
@@ -0,0 +1,3 @@
+Features
+ * The new function mbedtls_mpi_random() generates a random value in a
+ given range uniformly.
diff --git a/ChangeLog.d/psa-without-genprime-fix.txt b/ChangeLog.d/psa-without-genprime-fix.txt
new file mode 100644
index 0000000..8a7153a
--- /dev/null
+++ b/ChangeLog.d/psa-without-genprime-fix.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Restore the ability to configure PSA via Mbed TLS options to support RSA
+ key pair operations but exclude RSA key generation. When MBEDTLS_GENPRIME
+ is not defined PSA will no longer attempt to use mbedtls_rsa_gen_key().
+ Fixes #4512.
diff --git a/ChangeLog.d/random-range.txt b/ChangeLog.d/random-range.txt
new file mode 100644
index 0000000..dc35ec6
--- /dev/null
+++ b/ChangeLog.d/random-range.txt
@@ -0,0 +1,4 @@
+Security
+* Fix a bias in the generation of finite-field Diffie-Hellman-Merkle (DHM)
+ private keys and of blinding values for DHM and elliptic curves (ECP)
+ computations. Reported by FlorianF89 in #4245.
diff --git a/ChangeLog.d/relaxed-psk-semantics.txt b/ChangeLog.d/relaxed-psk-semantics.txt
new file mode 100644
index 0000000..418ff6f
--- /dev/null
+++ b/ChangeLog.d/relaxed-psk-semantics.txt
@@ -0,0 +1,7 @@
+API changes
+ * Modify semantics of `mbedtls_ssl_conf_[opaque_]psk()`:
+ In Mbed TLS 2.X, the API prescribes that later calls overwrite
+ the effect of earlier calls. In Mbed TLS 3.0, calling
+ `mbedtls_ssl_conf_[opaque_]psk()` more than once will fail,
+ leaving the PSK that was configured first intact.
+ Support for more than one PSK may be added in 3.X.
diff --git a/ChangeLog.d/rm-ecdh-legacy-context-option.txt b/ChangeLog.d/rm-ecdh-legacy-context-option.txt
new file mode 100644
index 0000000..d5a527b
--- /dev/null
+++ b/ChangeLog.d/rm-ecdh-legacy-context-option.txt
@@ -0,0 +1,3 @@
+Removals
+ * Remove MBEDTLS_ECDH_LEGACY_CONTEXT config option since this was purely for
+ backward compatibility which is no longer supported. Addresses #4404.
diff --git a/ChangeLog.d/rsa-padding.txt b/ChangeLog.d/rsa-padding.txt
new file mode 100644
index 0000000..5f9c11f
--- /dev/null
+++ b/ChangeLog.d/rsa-padding.txt
@@ -0,0 +1,5 @@
+API changes
+ * mbedtls_rsa_init() now always selects the PKCS#1v1.5 encoding for an RSA
+ key. To use an RSA key with PSS or OAEP, call mbedtls_rsa_set_padding()
+ after initializing the context. mbedtls_rsa_set_padding() now returns an
+ error if its parameters are invalid.
diff --git a/ChangeLog.d/tool-versions.txt b/ChangeLog.d/tool-versions.txt
new file mode 100644
index 0000000..b89b384
--- /dev/null
+++ b/ChangeLog.d/tool-versions.txt
@@ -0,0 +1,4 @@
+Requirement changes
+ * Refresh the minimum supported versions of tools to build the
+ library. CMake versions older than 3.10.2 and Python older
+ than 3.6 are no longer supported.
diff --git a/README.md b/README.md
index 3f41a0d..78d3c30 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@
To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration:
-1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. We use version 1.8.11 but slightly older or more recent versions should work.
+1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed.
1. Run `make apidoc`.
1. Browse `apidoc/index.html` or `apidoc/modules.html`.
@@ -39,7 +39,7 @@
- GNU Make
- CMake
-- Microsoft Visual Studio (Microsoft Visual Studio 2013 or later)
+- Microsoft Visual Studio
The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically.
@@ -49,10 +49,13 @@
You need the following tools to build the library with the provided makefiles:
-* GNU Make or a build tool that CMake supports.
-* A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, IAR8 and Visual Studio 2013. More recent versions should work. Slightly older versions may work.
-* Python 3 to generate the test code, and to generate sample programs in the development branch.
+* GNU Make 3.82 or a build tool that CMake supports.
+* A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, IAR 8 and Visual Studio 2013. More recent versions should work. Slightly older versions may work.
+* Python 3.6 to generate the test code, and to generate sample programs in the development branch.
* Perl to run the tests, and to generate some source files in the development branch.
+* CMake 3.10.2 or later (if using CMake).
+* Microsoft Visual Studio 2013 or later (if using Visual Studio).
+* Doxygen 1.8.11 or later (if building the documentation; slightly older versions should work).
### Generated source files in the development branch
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h
index 09b3cf5..7ca33c3 100644
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@@ -49,8 +49,6 @@
#define MBEDTLS_PKCS1_V21
#define MBEDTLS_SELF_TEST
#define MBEDTLS_VERSION_FEATURES
-#define MBEDTLS_X509_CHECK_KEY_USAGE
-#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
/* mbed TLS modules */
#define MBEDTLS_AES_C
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 28e6443..b62bdfa 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -84,8 +84,7 @@
#define MBEDTLS_AES_ROM_TABLES
/* Save RAM by adjusting to our exact needs */
-#define MBEDTLS_ECP_MAX_BITS 384
-#define MBEDTLS_MPI_MAX_SIZE 48 // 384 bits is 48 bytes
+#define MBEDTLS_MPI_MAX_SIZE 48 // 384-bit EC curve = 48 bytes
/* Save RAM at the expense of speed, see ecp.h */
#define MBEDTLS_ECP_WINDOW_SIZE 2
diff --git a/configs/config-thread.h b/configs/config-thread.h
index bce9668..c1937de 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -85,8 +85,7 @@
#define MBEDTLS_AES_ROM_TABLES
/* Save RAM by adjusting to our exact needs */
-#define MBEDTLS_ECP_MAX_BITS 256
-#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes
+#define MBEDTLS_MPI_MAX_SIZE 32 // 256-bit EC curve = 32 bytes
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
diff --git a/docs/3.0-migration-guide.d/Remove_3DES_ciphersuites.md b/docs/3.0-migration-guide.d/Remove_3DES_ciphersuites.md
new file mode 100644
index 0000000..85a85b9
--- /dev/null
+++ b/docs/3.0-migration-guide.d/Remove_3DES_ciphersuites.md
@@ -0,0 +1,10 @@
+Remove 3DES ciphersuites
+--
+
+This change does not affect users using default settings for 3DES in `config.h`
+because the 3DES ciphersuites were disabled by that.
+
+3DES has weaknesses/limitations and there are better alternatives, and more and
+more standard bodies are recommending against its use in TLS.
+
+The migration path here is to chose from the recomended in literature alternatives.
diff --git a/docs/3.0-migration-guide.d/ccm-alt.md b/docs/3.0-migration-guide.d/ccm-alt.md
new file mode 100644
index 0000000..1abac7a
--- /dev/null
+++ b/docs/3.0-migration-guide.d/ccm-alt.md
@@ -0,0 +1,9 @@
+CCM interface changes: impact for alternative implementations
+-------------------------------------------------------------
+
+The CCM interface has changed with the addition of support for
+multi-part operations. Five new API functions have been defined:
+mbedtls_ccm_starts(), mbedtls_ccm_set_lengths(),
+mbedtls_ccm_update_ad(), mbedtls_ccm_update() and mbedtls_ccm_finish().
+Alternative implementations of CCM (`MBEDTLS_CCM_ALT`) have now to
+implement those additional five API functions.
diff --git a/docs/3.0-migration-guide.d/cipher-delayed-output.md b/docs/3.0-migration-guide.d/cipher-delayed-output.md
new file mode 100644
index 0000000..18d3271
--- /dev/null
+++ b/docs/3.0-migration-guide.d/cipher-delayed-output.md
@@ -0,0 +1,15 @@
+Calling `mbedtls_cipher_finish()` is mandatory for all multi-part operations
+----------------------------------------------------------------------------
+
+This only affects people who use the cipher module to perform AEAD operations
+using the multi-part API.
+
+Previously, the documentation didn't state explicitly if it was OK to call
+`mbedtls_cipher_check_tag()` or `mbedtls_cipher_write_tag()` directly after
+the last call to `mbedtls_cipher_update()` - that is, without calling
+`mbedtls_cipher_finish()` in-between. If you code was missing that call,
+please add it and be prepared to get as much as 15 bytes of output.
+
+Currently the output is always 0 bytes, but it may be more when alternative
+implementations of the underlying primitives are in use, or with future
+versions of the library.
diff --git a/docs/3.0-migration-guide.d/combine_SSL_CID-TLS1_3_PADDING_GRANULARITY_options.md b/docs/3.0-migration-guide.d/combine_SSL_CID-TLS1_3_PADDING_GRANULARITY_options.md
new file mode 100644
index 0000000..bc3fa68
--- /dev/null
+++ b/docs/3.0-migration-guide.d/combine_SSL_CID-TLS1_3_PADDING_GRANULARITY_options.md
@@ -0,0 +1,14 @@
+Combine the `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and `MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` options
+--
+
+This change affects users who modified the default `config.h` padding granularity
+settings, i.e. enabled at least one of the options.
+
+The `config.h` options `MBEDTLS_SSL_CID_PADDING_GRANULARITY` and
+`MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY` were combined into one option because
+they used exactly the same padding mechanism and hence their respective padding
+granularities can be used in exactly the same way. This change simplifies the
+code maintenance.
+
+The new single option `MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY` can be used
+for both DTLS-CID and TLS 1.3.
diff --git a/docs/3.0-migration-guide.d/csr-add-critical-extension.md b/docs/3.0-migration-guide.d/csr-add-critical-extension.md
new file mode 100644
index 0000000..ebcb343
--- /dev/null
+++ b/docs/3.0-migration-guide.d/csr-add-critical-extension.md
@@ -0,0 +1,9 @@
+Change the API to allow adding critical extensions to CSRs
+------------------------------------------------------------------
+
+This affects applications that call the `mbedtls_x509write_csr_set_extension`
+function.
+
+The API is changed to include the parameter `critical` which allow to mark an
+extension included in a CSR as critical. To get the previous behaviour pass
+`0`.
diff --git a/docs/3.0-migration-guide.d/max-record-payload-api.md b/docs/3.0-migration-guide.d/max-record-payload-api.md
new file mode 100644
index 0000000..0b34915
--- /dev/null
+++ b/docs/3.0-migration-guide.d/max-record-payload-api.md
@@ -0,0 +1,11 @@
+Remove MaximumFragmentLength (MFL) query API
+-----------------------------------------------------------------
+
+This affects users which use the MFL query APIs
+`mbedtls_ssl_get_{input,output}_max_frag_len()` to
+infer upper bounds on the plaintext size of incoming and
+outgoing record.
+
+Users should switch to `mbedtls_ssl_get_max_{in,out}_record_payload()`
+instead, which also provides such upper bounds but takes more factors
+than just the MFL configuration into account.
diff --git a/docs/3.0-migration-guide.d/modify_MBEDTLS_ECP_FIXED_POINT_OPTIM_behaviour.md b/docs/3.0-migration-guide.d/modify_MBEDTLS_ECP_FIXED_POINT_OPTIM_behaviour.md
new file mode 100644
index 0000000..91bec72
--- /dev/null
+++ b/docs/3.0-migration-guide.d/modify_MBEDTLS_ECP_FIXED_POINT_OPTIM_behaviour.md
@@ -0,0 +1,11 @@
+Change MBEDTLS_ECP_FIXED_POINT_OPTIM behaviour
+------------------------------------------------------
+
+The option `MBEDTLS_ECP_FIXED_POINT_OPTIM` now increase code size and it does
+not increase peak RAM usage anymore.
+
+If you are limited by code size, you can define `MBEDTLS_ECP_FIXED_POINT_OPTIM`
+to `0` in your config file. The impact depends on the number and size of
+enabled curves. For example, for P-256 the difference is 1KB; see the documentation
+of this option for details.
+
diff --git a/docs/3.0-migration-guide.d/relaxed-psk-semantics.md b/docs/3.0-migration-guide.d/relaxed-psk-semantics.md
new file mode 100644
index 0000000..6b0e794
--- /dev/null
+++ b/docs/3.0-migration-guide.d/relaxed-psk-semantics.md
@@ -0,0 +1,18 @@
+Relaxed semantics for PSK configuration
+-----------------------------------------------------------------
+
+This affects users which call the PSK configuration APIs
+`mbedtlsl_ssl_conf_psk()` and `mbedtls_ssl_conf_psk_opaque()`
+multiple times on the same SSL configuration.
+
+In Mbed TLS 2.x, users would observe later calls overwriting
+the effect of earlier calls, with the prevailing PSK being
+the one that has been configured last. In Mbed TLS 3.0,
+calling `mbedtls_ssl_conf_[opaque_]psk()` multiple times
+will return an error, leaving the first PSK intact.
+
+To achieve equivalent functionality when migrating to Mbed TLS 3.0,
+users calling `mbedtls_ssl_conf_[opaque_]psk()` multiple times should
+remove all but the last call, so that only one call to _either_
+`mbedtls_ssl_conf_psk()` _or_ `mbedtls_ssl_conf_psk_opaque()`
+remains.
diff --git a/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md
new file mode 100644
index 0000000..738fa81
--- /dev/null
+++ b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md
@@ -0,0 +1,17 @@
+Remove the config option MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+--------------------------------------------------------------------------
+
+This change does not affect users of the default configuration; it only affect
+users who enable this option.
+
+The X.509 standard says that implementations must reject critical extensions that
+they don't recognize, and this is what Mbed TLS does by default. This option
+allowed to continue parsing those certificates but didn't provide a convenient
+way to handle those extensions.
+
+The migration path from that option is to use the
+`mbedtls_x509_crt_parse_der_with_ext_cb()` function which is functionally
+equivalent to `mbedtls_x509_crt_parse_der()`, and/or
+`mbedtls_x509_crt_parse_der_nocopy()` but it calls the callback with every
+unsupported certificate extension and additionally the "certificate policies"
+extension if it contains any unsupported certificate policies.
diff --git a/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md
new file mode 100644
index 0000000..2acb3bf
--- /dev/null
+++ b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md
@@ -0,0 +1,18 @@
+Remove `MBEDTLS_X509_CHECK_*_KEY_USAGE` options from `config.h`
+-------------------------------------------------------------------
+
+This change affects users who have chosen the configuration options to disable the
+library's verification of the `keyUsage` and `extendedKeyUsage` fields of x509
+certificates.
+
+The `MBEDTLS_X509_CHECK_KEY_USAGE` and `MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE`
+configuration options are removed and the X509 code now behaves as if they were
+always enabled. It is consequently not possible anymore to disable at compile
+time the verification of the `keyUsage` and `extendedKeyUsage` fields of X509
+certificates.
+
+The verification of the `keyUsage` and `extendedKeyUsage` fields is important,
+disabling it can cause security issues and it is thus not recommended. If the
+verification is for some reason undesirable, it can still be disabled by means
+of the verification callback function passed to `mbedtls_x509_crt_verify()` (see
+the documentation of this function for more information).
diff --git a/docs/3.0-migration-guide.d/remove_SSL_DTLS_BADMAC_LIMIT_option.md b/docs/3.0-migration-guide.d/remove_SSL_DTLS_BADMAC_LIMIT_option.md
new file mode 100644
index 0000000..f81bdad
--- /dev/null
+++ b/docs/3.0-migration-guide.d/remove_SSL_DTLS_BADMAC_LIMIT_option.md
@@ -0,0 +1,11 @@
+Remove MBEDTLS_SSL_DTLS_BADMAC_LIMIT option
+-------------------------------------------
+
+This change does not affect users who used the default `config.h`, as the option
+MBEDTLS_SSL_DTLS_BADMAC_LIMIT was already on by default.
+
+This option was a trade-off between functionality and code size: it allowed
+users who didn't need that feature to avoid paying the cost in code size, by
+disabling it.
+
+This option is no longer present, but its functionality is now always enabled.
diff --git a/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md b/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md
index b18b310..31c2ce8 100644
--- a/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md
+++ b/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md
@@ -50,7 +50,9 @@
`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` instead.
The function `mbedtls_ssl_get_max_frag_len()` was removed. Please use
-`mbedtls_ssl_get_output_max_frag_len()` instead.
+`mbedtls_ssl_get_max_out_record_payload()` and
+`mbedtls_ssl_get_max_in_record_payload()`
+instead.
Deprecated hex-encoded primes were removed from DHM
---------------------------------------------------
diff --git a/docs/3.0-migration-guide.d/remove_mbedtls_check_params_option.md b/docs/3.0-migration-guide.d/remove_mbedtls_check_params_option.md
new file mode 100644
index 0000000..6f43aa3
--- /dev/null
+++ b/docs/3.0-migration-guide.d/remove_mbedtls_check_params_option.md
@@ -0,0 +1,33 @@
+Remove MBEDTLS_CHECK_PARAMS option
+----------------------------------
+
+This change does not affect users who use the default configuration; it only
+affects users who enabled that option.
+
+The option `MBEDTLS_CHECK_PARAMS` (disabled by default) enabled certain kinds
+of “parameter validation”. It covered two kinds of validations:
+
+- In some functions that require a valid pointer, “parameter validation” checks
+that the pointer is non-null. With the feature disabled, a null pointer is not
+treated differently from any other invalid pointer, and typically leads to a
+runtime crash. 90% of the uses of the feature are of this kind.
+- In some functions that take an enum-like argument, “parameter validation”
+checks that the value is a valid one. With the feature disabled, an invalid
+value causes a silent default to one of the valid values.
+
+The default reaction to a failed check was to call a function
+`mbedtls_param_failed()` which the application had to provide. If this function
+returned, its caller returned an error `MBEDTLS_ERR_xxx_BAD_INPUT_DATA`.
+
+This feature was only used in some classic (non-PSA) cryptography modules. It was
+not used in X.509, TLS or in PSA crypto, and it was not implemented in all
+classic crypto modules.
+
+This feature has been removed. The library no longer checks for NULL pointers;
+checks for enum-like arguments will be kept or re-introduced on a case-by-case
+basis, but their presence will no longer be dependent on a compile-time option.
+
+Validation of enum-like values is somewhat useful, but not extremely important,
+because the parameters concerned are usually constants in applications.
+
+For more information see issue #4313.
diff --git a/docs/3.0-migration-guide.d/remove_supp_for_extensions_in_pre-v3_X_509_certs.md b/docs/3.0-migration-guide.d/remove_supp_for_extensions_in_pre-v3_X_509_certs.md
new file mode 100644
index 0000000..4c87f03
--- /dev/null
+++ b/docs/3.0-migration-guide.d/remove_supp_for_extensions_in_pre-v3_X_509_certs.md
@@ -0,0 +1,14 @@
+Remove the `MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3` option
+--
+
+This change does not affect users who were using the default configuration, as
+this option was already disabled by default. Also, it does not affect users who
+are working with current V3 X.509 certificates.
+
+Extensions were added in V3 of the X.509 specification, so pre-V3 certificates
+containing extensions were never compliant. Mbed TLS now rejects them with a
+parsing error in all configurations, as it did previously in the default
+configuration.
+
+If you are working with the pre-V3 certificates you need to switch to the
+current ones.
diff --git a/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md b/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md
index 4beebe2..73d621f 100644
--- a/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md
+++ b/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md
@@ -3,9 +3,25 @@
This change affects users of the TLS 1.0, 1.1 and DTLS 1.0 protocols.
-The versions of (D)TLS that are being removed are not as secure as the latest
-versions. Keeping them in the library creates opportunities for misconfiguration
+These versions have been deprecated by RFC 8996.
+Keeping them in the library creates opportunities for misconfiguration
and possibly downgrade attacks. More generally, more code means a larger attack
surface, even if the code is supposedly not used.
The migration path is to adopt the latest versions of the protocol.
+
+As a consequence of removing TLS 1.0, support for CBC record splitting was
+also removed, as it was a work-around for a weakness in this particular
+version. There is no migration path since the feature is no longer relevant.
+
+As a consequence of currently supporting only one version of (D)TLS (and in the
+future 1.3 which will have a different version negociation mechanism), support
+for fallback SCSV (RFC 7507) was also removed. There is no migration path as
+it's no longer useful with TLS 1.2 and later.
+
+As a consequence of currently supporting only one version of (D)TLS (and in the
+future 1.3 which will have a different concept of ciphersuites), support for
+configuring ciphersuites separately for each version via
+`mbedtls_ssl_conf_ciphersuites_for_version()` was removed. Use
+`mbedtls_ssl_conf_ciphersuites()` to configure ciphersuites to use with (D)TLS
+1.2; in the future a different API will be added for (D)TLS 1.3.
diff --git a/docs/3.0-migration-guide.d/rename_the__ret_functions.md b/docs/3.0-migration-guide.d/rename_the__ret_functions.md
new file mode 100644
index 0000000..44435f8
--- /dev/null
+++ b/docs/3.0-migration-guide.d/rename_the__ret_functions.md
@@ -0,0 +1,51 @@
+Rename mbedtls_*_ret() cryptography functions whose deprecated variants
+have been removed
+-----------------
+
+This change affects users who were using the `mbedtls_*_ret()` cryptography
+functions.
+
+Those functions were created based on now-deprecated functions according to a
+requirement that a function needs to return a value. This change brings back the
+original names of those functions. The renamed functions are:
+
+| name before this change | after the change |
+|------------------------------|--------------------------|
+| mbedtls_ctr_drbg_update_ret | mbedtls_ctr_drbg_update |
+| mbedtls_hmac_drbg_update_ret | mbedtls_hmac_drbg_update |
+| mbedtls_md2_starts_ret | mbedtls_md2_starts |
+| mbedtls_md2_update_ret | mbedtls_md2_update |
+| mbedtls_md2_finish_ret | mbedtls_md2_finish |
+| mbedtls_md2_ret | mbedtls_md2 |
+| mbedtls_md4_starts_ret | mbedtls_md4_starts |
+| mbedtls_md4_update_ret | mbedtls_md4_update |
+| mbedtls_md4_finish_ret | mbedtls_md4_finish |
+| mbedtls_md4_ret | mbedtls_md4 |
+| mbedtls_md5_starts_ret | mbedtls_md5_starts |
+| mbedtls_md5_update_ret | mbedtls_md5_update |
+| mbedtls_md5_finish_ret | mbedtls_md5_finish |
+| mbedtls_md5_ret | mbedtls_md5 |
+| mbedtls_ripemd160_starts_ret | mbedtls_ripemd160_starts |
+| mbedtls_ripemd160_update_ret | mbedtls_ripemd160_update |
+| mbedtls_ripemd160_finish_ret | mbedtls_ripemd160_finish |
+| mbedtls_ripemd160_ret | mbedtls_ripemd160 |
+| mbedtls_sha1_starts_ret | mbedtls_sha1_starts |
+| mbedtls_sha1_update_ret | mbedtls_sha1_update |
+| mbedtls_sha1_finish_ret | mbedtls_sha1_finish |
+| mbedtls_sha1_ret | mbedtls_sha1 |
+| mbedtls_sha256_starts_ret | mbedtls_sha256_starts |
+| mbedtls_sha256_update_ret | mbedtls_sha256_update |
+| mbedtls_sha256_finish_ret | mbedtls_sha256_finish |
+| mbedtls_sha256_ret | mbedtls_sha256 |
+| mbedtls_sha512_starts_ret | mbedtls_sha512_starts |
+| mbedtls_sha512_update_ret | mbedtls_sha512_update |
+| mbedtls_sha512_finish_ret | mbedtls_sha512_finish |
+| mbedtls_sha512_ret | mbedtls_sha512 |
+
+To migrate to the this change the user can keep the `*_ret` names in their code
+and include the `compat_2.x.h` header file which holds macros with proper
+renaming or to rename those function in their code according to the list from
+mentioned header file.
+
+
+
diff --git a/docs/3.0-migration-guide.d/rsa-padding.md b/docs/3.0-migration-guide.d/rsa-padding.md
new file mode 100644
index 0000000..f10ece6
--- /dev/null
+++ b/docs/3.0-migration-guide.d/rsa-padding.md
@@ -0,0 +1,29 @@
+Remove the padding parameters from mbedtls_rsa_init()
+-----------------------------------------------------
+
+This affects all users who use the RSA encryption, decryption, sign and
+verify APIs.
+
+The function mbedtls_rsa_init() no longer supports selecting the PKCS#1 v2.1
+encoding and its hash. It just selects the PKCS#1 v1.5 encoding by default. If
+you were using the PKCS#1 v2.1 encoding you now need, subsequently to the call
+to mbedtls_rsa_init(), to call mbedtls_rsa_set_padding() to set it.
+
+To choose the padding type when initializing a context, instead of
+```C
+ mbedtls_rsa_init(ctx, padding, hash_id);
+```
+, use
+```C
+ mbedtls_rsa_init(ctx);
+ mbedtls_rsa_set_padding(ctx, padding, hash_id);
+```
+
+To use PKCS#1 v1.5 padding, instead of
+```C
+ mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, <ignored>);
+```
+, just use
+```C
+ mbedtls_rsa_init(ctx);
+```
diff --git a/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md b/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md
new file mode 100644
index 0000000..6a6554d
--- /dev/null
+++ b/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md
@@ -0,0 +1,14 @@
+Turn MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE configuration option into a runtime option
+--
+
+This change affects users who were enabling MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+option in the `config.h`
+
+This option has been removed and a new function with similar functionality has
+been introduced into the SSL API.
+
+This new function `mbedtls_ssl_conf_preference_order()` can be used to
+change the preferred order of ciphersuites on the server to those used on the client,
+e.g.: `mbedtls_ssl_conf_preference_order(ssl_config, MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)`
+has the same effect as enabling the removed option. The default state is to use
+the server order of suites.
diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md
index 2d031c6..a4a59b8 100644
--- a/docs/3.0-migration-guide.md
+++ b/docs/3.0-migration-guide.md
@@ -59,7 +59,7 @@
If you're providing alt implementations of ECP or RSA, you'll need to add our
`library` directory to your include path when building your alt
implementations, and note that `ecp_internal.h` and `rsa_internal.h` have been
-renamed to `ecp_alt.h` and `rsa_alt_helpers.h` respectively.
+renamed to `ecp_internal_alt.h` and `rsa_alt_helpers.h` respectively.
If you're a library user and used to rely on having access to a structure or
function that's now in a private header, please reach out on the mailing list
diff --git a/docs/architecture/alternative-implementations.md b/docs/architecture/alternative-implementations.md
new file mode 100644
index 0000000..7fe6332
--- /dev/null
+++ b/docs/architecture/alternative-implementations.md
@@ -0,0 +1,91 @@
+Alternative implementations of Mbed TLS functionality
+=====================================================
+
+This document describes how parts of the Mbed TLS functionality can be replaced at compile time to integrate the library on a platform.
+
+This document is an overview. It is not exhaustive. Please consult the documentation of individual modules and read the library header files for more details.
+
+## Platform integration
+
+Mbed TLS works out of the box on Unix/Linux/POSIX-like systems and on Windows. On embedded platforms, you may need to customize some aspects of how Mbed TLS interacts with the underlying platform. This section discusses the main areas that can be configured.
+
+The platform module (`include/mbedtls/platform.h`) controls how Mbed TLS accesses standard library features such as memory management (`calloc`, `free`), `printf`, `exit`. You can define custom functions instead of the ones from the C standard library through `MBEDTLS_PLATFORM_XXX` options in the configuration file. Many options have two mechanisms: either define `MBEDTLS_PLATFORM_XXX_MACRO` to the name of a function to call instead of the standard function `xxx`, or define `MBEDTLS_PLATFORM_XXX_ALT` and [register an alternative implementation during the platform setup](#alternative-implementations-of-platform-functions).
+
+The storage of the non-volatile seed for random generation, enabled with `MBEDTLS_ENTROPY_NV_SEED`, is also controlled via the platform module.
+
+For timing functions, you can [declare an alternative implementation of the timing module](#module-alternative-implementations).
+
+On multithreaded platforms, [declare an alternative implementation of the threading module](#module-alternative-implementations).
+
+To configure entropy sources (hardware random generators), see the `MBEDTLS_ENTROPY_XXX` options in the configuration file.
+
+For networking, the `net_sockets` module does not currently support alternative implementations. If this module does not work on your platform, disable `MBEDTLS_NET_C` and use custom functions for TLS.
+
+If your platform has a cryptographic accelerator, you can use it via a [PSA driver](#psa-cryptography-drivers) or declare an [alternative implementation of the corresponding module(s)](#module-alternative-implementations) or [of specific functions](#function-alternative-implementations). PSA drivers will ultimately replace the alternative implementation mechanism, but alternative implementation will remain supported in at least all Mbed TLS versions of the form 3.x. The interface of PSA drivers is currently still experimental and subject to change.
+
+## PSA cryptography drivers
+
+On platforms where a hardware cryptographic engine is present, you can implement a driver for this engine in the PSA interface. Drivers are supported for cryptographic operations with transparent keys (keys available in cleartext), for cryptographic operations with opaque keys (keys that are only available inside the cryptographic engine), and for random generation. Calls to `psa_xxx` functions that perform cryptographic operations are directed to drivers instead of the built-in code as applicable. See the [PSA cryptography driver interface specification](docs/proposed/psa-driver-interface.md), the [Mbed TLS PSA driver developer guide](docs/proposed/psa-driver-developer-guide.md) and the [Mbed TLS PSA driver integration guide](docs/proposed/psa-driver-integration-guide.md) for more information.
+
+As of Mbed TLS 3.0, this interface is still experimental and subject to change, and not all operations support drivers yet. The configuration option `MBEDTLS_USE_PSA_CRYPTO` causes parts of the `mbedtls_xxx` API to use PSA crypto and therefore to support drivers, however it is not yet compatible with all drivers.
+
+## Module alternative implementations
+
+You can replace the code of some modules of Mbed TLS at compile time by a custom implementation. This is possible for low-level cryptography modules (symmetric algorithms, DHM, RSA, ECP, ECJPAKE) and for some platform-related modules (threading, timing). Such custom implementations are called “alternative implementations”, or “ALT implementations” for short.
+
+The general principle of an alternative implementation is:
+* Enable `MBEDTLS_XXX_ALT` in the compile-time configuration where XXX is the module name. For example, `MBEDTLS_AES_ALT` for an implementation of the AES module. This is in addition to enabling `MBEDTLS_XXX_C`.
+* Create a header file `xxx_alt.h` that defines the context type(s) used by the module. For example, `mbedtls_aes_context` for AES.
+* Implement all the functions from the module, i.e. the functions declared in `include/mbedtls/xxx.h`.
+
+See https://tls.mbed.org/kb/development/hw_acc_guidelines for a more detailed guide.
+
+### Constraints on context types
+
+Generally, alternative implementations can define their context types to any C type except incomplete and array types (although they would normally be `struct` types). This section lists some known limitations where the context type needs to be a structure with certain fields.
+
+Where a context type needs to have a certain field, the field must have the same type and semantics as in the built-in implementation, but does not need to be at the same position in the structure. Furthermore, unless otherwise indicated, only read access is necessary: the field can be `const`, and modifications to it do not need to be supported. For example, if an alternative implementation of asymmetric cryptography uses a different representation of large integers, it is sufficient to provide a read-only copy of the fields listed here of type `mbedtls_mpi`.
+
+* AES: if `MBEDTLS_AESNI_C` or `MBEDTLS_PADLOCK_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`.
+* DHM: if `MBEDTLS_DEBUG_C` is enabled, `mbedtls_dhm_context` must have the fields `P`, `Q`, `G`, `GX`, `GY` and `K`.
+* ECP: `mbedtls_ecp_group` must have the fields `id`, `P`, `A`, `B`, `G`, `N`, `pbits` and `nbits`.
+ * If `MBEDTLS_PK_PARSE_EC_EXTENDED` is enabled, those fields must be writable, and `mbedtls_ecp_point_read_binary()` must support a group structure where only `P`, `pbits`, `A` and `B` are set.
+
+It must be possible to move a context object in memory (except during the execution of a library function that takes this context as an argument). (This is necessary, for example, to support applications that populate a context on the stack of an inner function and then copy the context upwards through the call chain, or applications written in a language with automatic memory management that can move objects on the heap.) That is, call sequences like the following must work:
+```
+mbedtls_xxx_context ctx1, ctx2;
+mbedtls_xxx_init(&ctx1);
+mbedtls_xxx_setup(&ctx1, …);
+ctx2 = ctx1;
+memset(&ctx1, 0, sizeof(ctx1));
+mbedtls_xxx_do_stuff(&ctx2, …);
+mbedtls_xxx_free(&ctx2);
+```
+In practice, this means that a pointer to a context or to a part of a context does not remain valid across function calls. Alternative implementations do not need to support copying of contexts: contexts can only be cloned through explicit `clone()` functions.
+
+## Function alternative implementations
+
+In some cases, it is possible to replace a single function or a small set of functions instead of [providing an alternative implementation of the whole module](#module-alternative-implementations).
+
+### Alternative implementations of cryptographic functions
+
+Options to replace individual functions of cryptographic modules generally have a name obtained by upper-casing the function name and appending `_ALT`. If the function name contains `_internal`, `_ext` or `_ret`, this is removed in the `_ALT` symbol. When the corresponding option is enabled, the built-in implementation of the function will not be compiled, and you must provide an alternative implementation at link time.
+
+For example, enable `MBEDTLS_AES_ENCRYPT_ALT` at compile time and provide your own implementation of `mbedtls_aes_encrypt()` to provide an accelerated implementation of AES encryption that is compatible with the built-in key schedule. If you wish to implement key schedule differently, you can also enable `MBEDTLS_AES_SETKEY_ENC_ALT` and implement `mbedtls_aes_setkey_enc()`.
+
+Another example: enable `MBEDTLS_SHA256_PROCESS_ALT` and implement `mbedtls_internal_sha256_process()` to provide an accelerated implementation of SHA-256 and SHA-224.
+
+Note that since alternative implementations of individual functions cooperate with the built-in implementation of other functions, you must use the same layout for context objects as the built-in implementation. If you want to use different context types, you need to [provide an alternative implementation of the whole module](#module-alternative-implementations).
+
+### Alternative implementations of platform functions
+
+Several platform functions can be reconfigured dynamically by following the process described here. To reconfigure how Mbed TLS calls the standard library function `xxx()`:
+
+* Define the symbol `MBEDTLS_PLATFORM_XXX_ALT` at compile time.
+* During the initialization of your application, set the global variable `mbedtls_xxx` to an alternative implementation of `xxx()`.
+
+For example, to provide a custom `printf` function at run time, enable `MBEDTLS_PLATFORM_PRINTF_ALT` at compile time and assign to `mbedtls_printf` during the initialization of your application.
+
+Merely enabling `MBEDTLS_PLATFORM_XXX_ALT` does not change the behavior: by default, `mbedtls_xxx` points to the standard function `xxx`.
+
+Note that there are variations on the naming pattern. For example, some configurable functions are activated in pairs, such as `mbedtls_calloc` and `mbedtls_free` via `MBEDTLS_PLATFORM_MEMORY`. Consult the documentation of individual configuration options and of the platform module for details.
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 0205dcf..dd84c28 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -1577,13 +1577,13 @@
# compilation will be performed. Macro expansion can be done in a controlled
# way by setting EXPAND_ONLY_PREDEF to YES.
-MACRO_EXPANSION = NO
+MACRO_EXPANSION = YES
# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
# then the macro expansion is limited to the macros specified with the
# PREDEFINED and EXPAND_AS_DEFINED tags.
-EXPAND_ONLY_PREDEF = NO
+EXPAND_ONLY_PREDEF = YES
# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
# pointed to by INCLUDE_PATH will be searched when a #include is found.
@@ -1630,7 +1630,7 @@
# Use the PREDEFINED tag if you want to use a different macro definition that
# overrules the definition found in the source code.
-EXPAND_AS_DEFINED =
+EXPAND_AS_DEFINED = MBEDTLS_PRIVATE
# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
# doxygen's preprocessor will remove all references to function-like macros
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index da741c8..e23b9ca 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -39,6 +39,7 @@
#ifndef MBEDTLS_AES_H
#define MBEDTLS_AES_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -78,9 +79,9 @@
*/
typedef struct mbedtls_aes_context
{
- int nr; /*!< The number of rounds. */
- uint32_t *rk; /*!< AES round keys. */
- uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can
+ int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
+ uint32_t *MBEDTLS_PRIVATE(rk); /*!< AES round keys. */
+ uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can
hold 32 extra Bytes, which can be used for
one of the following purposes:
<ul><li>Alignment if VIA padlock is
@@ -97,9 +98,9 @@
*/
typedef struct mbedtls_aes_xts_context
{
- mbedtls_aes_context crypt; /*!< The AES context to use for AES block
+ mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block
encryption or decryption. */
- mbedtls_aes_context tweak; /*!< The AES context used for tweak
+ mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak
computation. */
} mbedtls_aes_xts_context;
#endif /* MBEDTLS_CIPHER_MODE_XTS */
diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h
index ada6083..6313651 100644
--- a/include/mbedtls/arc4.h
+++ b/include/mbedtls/arc4.h
@@ -25,6 +25,7 @@
*/
#ifndef MBEDTLS_ARC4_H
#define MBEDTLS_ARC4_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -51,9 +52,9 @@
*/
typedef struct mbedtls_arc4_context
{
- int x; /*!< permutation index */
- int y; /*!< permutation index */
- unsigned char m[256]; /*!< permutation table */
+ int MBEDTLS_PRIVATE(x); /*!< permutation index */
+ int MBEDTLS_PRIVATE(y); /*!< permutation index */
+ unsigned char MBEDTLS_PRIVATE(m)[256]; /*!< permutation table */
}
mbedtls_arc4_context;
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index e984147..854aa69 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -28,6 +28,7 @@
#ifndef MBEDTLS_ARIA_H
#define MBEDTLS_ARIA_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -64,9 +65,9 @@
*/
typedef struct mbedtls_aria_context
{
- unsigned char nr; /*!< The number of rounds (12, 14 or 16) */
+ unsigned char MBEDTLS_PRIVATE(nr); /*!< The number of rounds (12, 14 or 16) */
/*! The ARIA round keys. */
- uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
+ uint32_t MBEDTLS_PRIVATE(rk)[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
}
mbedtls_aria_context;
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index d2162fe..6611981 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_ASN1_H
#define MBEDTLS_ASN1_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -148,9 +149,9 @@
*/
typedef struct mbedtls_asn1_buf
{
- int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
- size_t len; /**< ASN1 length, in octets. */
- unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
+ int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
+ size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
+ unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. */
}
mbedtls_asn1_buf;
@@ -159,9 +160,9 @@
*/
typedef struct mbedtls_asn1_bitstring
{
- size_t len; /**< ASN1 length, in octets. */
- unsigned char unused_bits; /**< Number of unused bits at the end of the string */
- unsigned char *p; /**< Raw ASN1 data for the bit string */
+ size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
+ unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at the end of the string */
+ unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */
}
mbedtls_asn1_bitstring;
@@ -170,8 +171,8 @@
*/
typedef struct mbedtls_asn1_sequence
{
- mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
- struct mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */
+ mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given ASN.1 item. */
+ struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
}
mbedtls_asn1_sequence;
@@ -180,10 +181,10 @@
*/
typedef struct mbedtls_asn1_named_data
{
- mbedtls_asn1_buf oid; /**< The object identifier. */
- mbedtls_asn1_buf val; /**< The named value. */
- struct mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */
- unsigned char next_merged; /**< Merge next item into the current one? */
+ mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
+ mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */
+ struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
+ unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the current one? */
}
mbedtls_asn1_named_data;
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 073b4a4..74deecf 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_BIGNUM_H
#define MBEDTLS_BIGNUM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -183,9 +184,9 @@
*/
typedef struct mbedtls_mpi
{
- int s; /*!< Sign: -1 if the mpi is negative, 1 otherwise */
- size_t n; /*!< total # of limbs */
- mbedtls_mpi_uint *p; /*!< pointer to limbs */
+ int MBEDTLS_PRIVATE(s); /*!< Sign: -1 if the mpi is negative, 1 otherwise */
+ size_t MBEDTLS_PRIVATE(n); /*!< total # of limbs */
+ mbedtls_mpi_uint *MBEDTLS_PRIVATE(p); /*!< pointer to limbs */
}
mbedtls_mpi;
@@ -871,6 +872,44 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
+/** Generate a random number uniformly in a range.
+ *
+ * This function generates a random number between \p min inclusive and
+ * \p N exclusive.
+ *
+ * The procedure complies with RFC 6979 §3.3 (deterministic ECDSA)
+ * when the RNG is a suitably parametrized instance of HMAC_DRBG
+ * and \p min is \c 1.
+ *
+ * \note There are `N - min` possible outputs. The lower bound
+ * \p min can be reached, but the upper bound \p N cannot.
+ *
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param min The minimum value to return.
+ * It must be nonnegative.
+ * \param N The upper bound of the range, exclusive.
+ * In other words, this is one plus the maximum value to return.
+ * \p N must be strictly larger than \p min.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG parameter to be passed to \p f_rng.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p min or \p N is invalid
+ * or if they are incompatible.
+ * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was
+ * unable to find a suitable value within a limited number
+ * of attempts. This has a negligible probability if \p N
+ * is significantly larger than \p min, which is the case
+ * for all usual cryptographic applications.
+ * \return Another negative error code on failure.
+ */
+int mbedtls_mpi_random( mbedtls_mpi *X,
+ mbedtls_mpi_sint min,
+ const mbedtls_mpi *N,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
/**
* \brief Compute the greatest common divisor: G = gcd(A, B)
*
diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h
index 1ade1fc..e54d491 100644
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_BLOWFISH_H
#define MBEDTLS_BLOWFISH_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -57,8 +58,8 @@
*/
typedef struct mbedtls_blowfish_context
{
- uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
- uint32_t S[4][256]; /*!< key dependent S-boxes */
+ uint32_t MBEDTLS_PRIVATE(P)[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */
+ uint32_t MBEDTLS_PRIVATE(S)[4][256]; /*!< key dependent S-boxes */
}
mbedtls_blowfish_context;
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index dee5c3e..d2d4f61 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_CAMELLIA_H
#define MBEDTLS_CAMELLIA_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -53,8 +54,8 @@
*/
typedef struct mbedtls_camellia_context
{
- int nr; /*!< number of rounds */
- uint32_t rk[68]; /*!< CAMELLIA round keys */
+ int MBEDTLS_PRIVATE(nr); /*!< number of rounds */
+ uint32_t MBEDTLS_PRIVATE(rk)[68]; /*!< CAMELLIA round keys */
}
mbedtls_camellia_context;
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index f63e61b..98f5693 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -46,6 +46,7 @@
#ifndef MBEDTLS_CCM_H
#define MBEDTLS_CCM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -55,6 +56,11 @@
#include "mbedtls/cipher.h"
+#define MBEDTLS_CCM_DECRYPT 0
+#define MBEDTLS_CCM_ENCRYPT 1
+#define MBEDTLS_CCM_STAR_DECRYPT 2
+#define MBEDTLS_CCM_STAR_ENCRYPT 3
+
#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to the function. */
#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */
@@ -72,7 +78,7 @@
*/
typedef struct mbedtls_ccm_context
{
- mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
}
mbedtls_ccm_context;
@@ -133,10 +139,10 @@
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
- * \param add The additional data field. If \p add_len is greater than
- * zero, \p add must be a readable buffer of at least that
+ * \param ad The additional data field. If \p ad_len is greater than
+ * zero, \p ad must be a readable buffer of at least that
* length.
- * \param add_len The length of additional data in Bytes.
+ * \param ad_len The length of additional data in Bytes.
* This must be less than `2^16 - 2^8`.
* \param input The buffer holding the input data. If \p length is greater
* than zero, \p input must be a readable buffer of at least
@@ -154,7 +160,7 @@
*/
int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
- const unsigned char *add, size_t add_len,
+ const unsigned char *ad, size_t ad_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len );
@@ -179,9 +185,9 @@
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
- * \param add The additional data field. This must be a readable buffer of
- * at least \p add_len Bytes.
- * \param add_len The length of additional data in Bytes.
+ * \param ad The additional data field. This must be a readable buffer of
+ * at least \p ad_len Bytes.
+ * \param ad_len The length of additional data in Bytes.
* This must be less than 2^16 - 2^8.
* \param input The buffer holding the input data. If \p length is greater
* than zero, \p input must be a readable buffer of at least
@@ -202,7 +208,7 @@
*/
int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
- const unsigned char *add, size_t add_len,
+ const unsigned char *ad, size_t ad_len,
const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len );
@@ -218,9 +224,9 @@
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
- * \param add The additional data field. This must be a readable buffer
- * of at least that \p add_len Bytes..
- * \param add_len The length of additional data in Bytes.
+ * \param ad The additional data field. This must be a readable buffer
+ * of at least that \p ad_len Bytes..
+ * \param ad_len The length of additional data in Bytes.
* This must be less than 2^16 - 2^8.
* \param input The buffer holding the input data. If \p length is greater
* than zero, \p input must be a readable buffer of at least
@@ -239,7 +245,7 @@
*/
int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
- const unsigned char *add, size_t add_len,
+ const unsigned char *ad, size_t ad_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len );
@@ -260,9 +266,9 @@
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is
* 15 - \p iv_len.
- * \param add The additional data field. This must be a readable buffer of
- * at least that \p add_len Bytes.
- * \param add_len The length of additional data in Bytes.
+ * \param ad The additional data field. This must be a readable buffer of
+ * at least that \p ad_len Bytes.
+ * \param ad_len The length of additional data in Bytes.
* This must be less than 2^16 - 2^8.
* \param input The buffer holding the input data. If \p length is greater
* than zero, \p input must be a readable buffer of at least
@@ -284,10 +290,208 @@
*/
int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *iv, size_t iv_len,
- const unsigned char *add, size_t add_len,
+ const unsigned char *ad, size_t ad_len,
const unsigned char *input, unsigned char *output,
const unsigned char *tag, size_t tag_len );
+/**
+ * \brief This function starts a CCM encryption or decryption
+ * operation.
+ *
+ * This function and mbedtls_ccm_set_lengths() must be called
+ * before calling mbedtls_ccm_update_ad() or
+ * mbedtls_ccm_update(). This function can be called before
+ * or after mbedtls_ccm_set_lengths().
+ *
+ * \note This function is not implemented in Mbed TLS yet.
+ *
+ * \param ctx The CCM context. This must be initialized.
+ * \param mode The operation to perform: #MBEDTLS_CCM_ENCRYPT or
+ * #MBEDTLS_CCM_DECRYPT or #MBEDTLS_CCM_STAR_ENCRYPT or
+ * #MBEDTLS_CCM_STAR_DECRYPT.
+ * \param iv The initialization vector. This must be a readable buffer
+ * of at least \p iv_len Bytes.
+ * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
+ * or 13. The length L of the message length field is
+ * 15 - \p iv_len.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+ * \p ctx is in an invalid state,
+ * \p mode is invalid,
+ * \p iv_len is invalid (lower than \c 7 or greater than
+ * \c 13).
+ */
+int mbedtls_ccm_starts( mbedtls_ccm_context *ctx,
+ int mode,
+ const unsigned char *iv,
+ size_t iv_len );
+
+/**
+ * \brief This function declares the lengths of the message
+ * and additional data for a CCM encryption or decryption
+ * operation.
+ *
+ * This function and mbedtls_ccm_starts() must be called
+ * before calling mbedtls_ccm_update_ad() or
+ * mbedtls_ccm_update(). This function can be called before
+ * or after mbedtls_ccm_starts().
+ *
+ * \note This function is not implemented in Mbed TLS yet.
+ *
+ * \param ctx The CCM context. This must be initialized.
+ * \param total_ad_len The total length of additional data in bytes.
+ * This must be less than `2^16 - 2^8`.
+ * \param plaintext_len The length in bytes of the plaintext to encrypt or
+ * result of the decryption (thus not encompassing the
+ * additional data that are not encrypted).
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+ * \p ctx is in an invalid state,
+ * \p total_ad_len is greater than \c 0xFF00.
+ */
+int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx,
+ size_t total_ad_len,
+ size_t plaintext_len );
+
+/**
+ * \brief This function feeds an input buffer as associated data
+ * (authenticated but not encrypted data) in a CCM
+ * encryption or decryption operation.
+ *
+ * You may call this function zero, one or more times
+ * to pass successive parts of the additional data. The
+ * lengths \p ad_len of the data parts should eventually add
+ * up exactly to the total length of additional data
+ * \c total_ad_len passed to mbedtls_ccm_set_lengths(). You
+ * may not call this function after calling
+ * mbedtls_ccm_update().
+ *
+ * \note This function is not implemented in Mbed TLS yet.
+ *
+ * \param ctx The CCM context. This must have been started with
+ * mbedtls_ccm_starts(), the lengths of the message and
+ * additional data must have been declared with
+ * mbedtls_ccm_set_lengths() and this must not have yet
+ * received any input with mbedtls_ccm_update().
+ * \param ad The buffer holding the additional data, or \c NULL
+ * if \p ad_len is \c 0.
+ * \param ad_len The length of the additional data. If \c 0,
+ * \p ad may be \c NULL.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+ * \p ctx is in an invalid state,
+ * total input length too long.
+ */
+int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,
+ const unsigned char *ad,
+ size_t ad_len );
+
+/**
+ * \brief This function feeds an input buffer into an ongoing CCM
+ * encryption or decryption operation.
+ *
+ * You may call this function zero, one or more times
+ * to pass successive parts of the input: the plaintext to
+ * encrypt, or the ciphertext (not including the tag) to
+ * decrypt. After the last part of the input, call
+ * mbedtls_ccm_finish(). The lengths \p input_len of the
+ * data parts should eventually add up exactly to the
+ * plaintext length \c plaintext_len passed to
+ * mbedtls_ccm_set_lengths().
+ *
+ * This function may produce output in one of the following
+ * ways:
+ * - Immediate output: the output length is always equal
+ * to the input length.
+ * - Buffered output: except for the last part of input data,
+ * the output consists of a whole number of 16-byte blocks.
+ * If the total input length so far (not including
+ * associated data) is 16 \* *B* + *A* with *A* < 16 then
+ * the total output length is 16 \* *B*.
+ * For the last part of input data, the output length is
+ * equal to the input length plus the number of bytes (*A*)
+ * buffered in the previous call to the function (if any).
+ * The function uses the plaintext length
+ * \c plaintext_len passed to mbedtls_ccm_set_lengths()
+ * to detect the last part of input data.
+ *
+ * In particular:
+ * - It is always correct to call this function with
+ * \p output_size >= \p input_len + 15.
+ * - If \p input_len is a multiple of 16 for all the calls
+ * to this function during an operation (not necessary for
+ * the last one) then it is correct to use \p output_size
+ * =\p input_len.
+ *
+ * \note This function is not implemented in Mbed TLS yet.
+ *
+ * \param ctx The CCM context. This must have been started with
+ * mbedtls_ccm_starts() and the lengths of the message and
+ * additional data must have been declared with
+ * mbedtls_ccm_set_lengths().
+ * \param input The buffer holding the input data. If \p input_len
+ * is greater than zero, this must be a readable buffer
+ * of at least \p input_len bytes.
+ * \param input_len The length of the input data in bytes.
+ * \param output The buffer for the output data. If \p output_size
+ * is greater than zero, this must be a writable buffer of
+ * at least \p output_size bytes.
+ * \param output_size The size of the output buffer in bytes.
+ * See the function description regarding the output size.
+ * \param output_len On success, \p *output_len contains the actual
+ * length of the output written in \p output.
+ * On failure, the content of \p *output_len is
+ * unspecified.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+ * \p ctx is in an invalid state,
+ * total input length too long,
+ * or \p output_size too small.
+ */
+int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
+ const unsigned char *input, size_t input_len,
+ unsigned char *output, size_t output_size,
+ size_t *output_len );
+
+/**
+ * \brief This function finishes the CCM operation and generates
+ * the authentication tag.
+ *
+ * It wraps up the CCM stream, and generates the
+ * tag. The tag can have a maximum length of 16 Bytes.
+ *
+ * \note This function is not implemented in Mbed TLS yet.
+ *
+ * \param ctx The CCM context. This must have been started with
+ * mbedtls_ccm_starts() and the lengths of the message and
+ * additional data must have been declared with
+ * mbedtls_ccm_set_lengths().
+ * \param tag The buffer for holding the tag. If \p tag_len is greater
+ * than zero, this must be a writable buffer of at least \p
+ * tag_len Bytes.
+ * \param tag_len The length of the tag to generate in Bytes:
+ * 4, 6, 8, 10, 12, 14 or 16.
+ * For CCM*, zero is also valid.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure:
+ * \p ctx is in an invalid state,
+ * invalid value of \p tag_len,
+ * the total amount of additional data passed to
+ * mbedtls_ccm_update_ad() was lower than the total length of
+ * additional data \c total_ad_len passed to
+ * mbedtls_ccm_set_lengths(),
+ * the total amount of input data passed to
+ * mbedtls_ccm_update() was lower than the plaintext length
+ * \c plaintext_len passed to mbedtls_ccm_set_lengths().
+ */
+int mbedtls_ccm_finish( mbedtls_ccm_context *ctx,
+ unsigned char *tag, size_t tag_len );
+
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
/**
* \brief The CCM checkup routine.
diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h
index a6a8cda..441aaa4 100644
--- a/include/mbedtls/chacha20.h
+++ b/include/mbedtls/chacha20.h
@@ -31,6 +31,7 @@
#ifndef MBEDTLS_CHACHA20_H
#define MBEDTLS_CHACHA20_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -51,9 +52,9 @@
typedef struct mbedtls_chacha20_context
{
- uint32_t state[16]; /*! The state (before round operations). */
- uint8_t keystream8[64]; /*! Leftover keystream bytes. */
- size_t keystream_bytes_used; /*! Number of keystream bytes already used. */
+ uint32_t MBEDTLS_PRIVATE(state)[16]; /*! The state (before round operations). */
+ uint8_t MBEDTLS_PRIVATE(keystream8)[64]; /*! Leftover keystream bytes. */
+ size_t MBEDTLS_PRIVATE(keystream_bytes_used); /*! Number of keystream bytes already used. */
}
mbedtls_chacha20_context;
diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h
index 1007f95..7c36739 100644
--- a/include/mbedtls/chachapoly.h
+++ b/include/mbedtls/chachapoly.h
@@ -31,6 +31,7 @@
#ifndef MBEDTLS_CHACHAPOLY_H
#define MBEDTLS_CHACHAPOLY_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -61,12 +62,12 @@
typedef struct mbedtls_chachapoly_context
{
- mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */
- mbedtls_poly1305_context poly1305_ctx; /**< The Poly1305 context. */
- uint64_t aad_len; /**< The length (bytes) of the Additional Authenticated Data. */
- uint64_t ciphertext_len; /**< The length (bytes) of the ciphertext. */
- int state; /**< The current state of the context. */
- mbedtls_chachapoly_mode_t mode; /**< Cipher mode (encrypt or decrypt). */
+ mbedtls_chacha20_context MBEDTLS_PRIVATE(chacha20_ctx); /**< The ChaCha20 context. */
+ mbedtls_poly1305_context MBEDTLS_PRIVATE(poly1305_ctx); /**< The Poly1305 context. */
+ uint64_t MBEDTLS_PRIVATE(aad_len); /**< The length (bytes) of the Additional Authenticated Data. */
+ uint64_t MBEDTLS_PRIVATE(ciphertext_len); /**< The length (bytes) of the ciphertext. */
+ int MBEDTLS_PRIVATE(state); /**< The current state of the context. */
+ mbedtls_chachapoly_mode_t MBEDTLS_PRIVATE(mode); /**< Cipher mode (encrypt or decrypt). */
}
mbedtls_chachapoly_context;
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 389ae2a..90dee6c 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -55,9 +55,8 @@
#endif
#endif /* _WIN32 */
-#if defined(TARGET_LIKE_MBED) && \
- ( defined(MBEDTLS_NET_C) || defined(MBEDTLS_TIMING_C) )
-#error "The NET and TIMING modules are not available for mbed OS - please use the network and timing functions provided by mbed OS"
+#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
+#error "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS"
#endif
#if defined(MBEDTLS_DEPRECATED_WARNING) && \
@@ -130,16 +129,6 @@
#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation"
#endif
-#if defined(MBEDTLS_ECP_RESTARTABLE) && \
- ! defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-#error "MBEDTLS_ECP_RESTARTABLE defined, but not MBEDTLS_ECDH_LEGACY_CONTEXT"
-#endif
-
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) && \
- defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-#error "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED defined, but MBEDTLS_ECDH_LEGACY_CONTEXT not disabled"
-#endif
-
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
#endif
@@ -700,11 +689,6 @@
#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
#endif
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \
- ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
!defined(MBEDTLS_SSL_PROTO_TLS1_2)
#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
@@ -841,6 +825,18 @@
#error "MBEDTLS_SSL_PROTO_TLS1_1 (TLS v1.1 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4286"
#endif
+#if defined(MBEDTLS_CHECK_PARAMS) //no-check-names
+#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4313"
+#endif
+
+#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) //no-check-names
+#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
+#endif
+
+#if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) //no-check-names
+#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
+#endif
+
/*
* Avoid warning from -pedantic. This is a convenient place for this
* workaround since this is included by every single file before the
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index ffb20a6..25e1d8d 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -26,6 +26,7 @@
#ifndef MBEDTLS_CIPHER_H
#define MBEDTLS_CIPHER_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -267,37 +268,37 @@
/** Full cipher identifier. For example,
* MBEDTLS_CIPHER_AES_256_CBC.
*/
- mbedtls_cipher_type_t type;
+ mbedtls_cipher_type_t MBEDTLS_PRIVATE(type);
/** The cipher mode. For example, MBEDTLS_MODE_CBC. */
- mbedtls_cipher_mode_t mode;
+ mbedtls_cipher_mode_t MBEDTLS_PRIVATE(mode);
/** The cipher key length, in bits. This is the
* default length for variable sized ciphers.
* Includes parity bits for ciphers like DES.
*/
- unsigned int key_bitlen;
+ unsigned int MBEDTLS_PRIVATE(key_bitlen);
/** Name of the cipher. */
- const char * name;
+ const char * MBEDTLS_PRIVATE(name);
/** IV or nonce size, in Bytes.
* For ciphers that accept variable IV sizes,
* this is the recommended size.
*/
- unsigned int iv_size;
+ unsigned int MBEDTLS_PRIVATE(iv_size);
/** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
* MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
* cipher supports variable IV or variable key sizes, respectively.
*/
- int flags;
+ int MBEDTLS_PRIVATE(flags);
/** The block size, in Bytes. */
- unsigned int block_size;
+ unsigned int MBEDTLS_PRIVATE(block_size);
/** Struct for base cipher information and functions. */
- const mbedtls_cipher_base_t *base;
+ const mbedtls_cipher_base_t *MBEDTLS_PRIVATE(base);
} mbedtls_cipher_info_t;
@@ -307,43 +308,43 @@
typedef struct mbedtls_cipher_context_t
{
/** Information about the associated cipher. */
- const mbedtls_cipher_info_t *cipher_info;
+ const mbedtls_cipher_info_t *MBEDTLS_PRIVATE(cipher_info);
/** Key length to use. */
- int key_bitlen;
+ int MBEDTLS_PRIVATE(key_bitlen);
/** Operation that the key of the context has been
* initialized for.
*/
- mbedtls_operation_t operation;
+ mbedtls_operation_t MBEDTLS_PRIVATE(operation);
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
/** Padding functions to use, if relevant for
* the specific cipher mode.
*/
- void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
- int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
+ void (*MBEDTLS_PRIVATE(add_padding))( unsigned char *output, size_t olen, size_t data_len );
+ int (*MBEDTLS_PRIVATE(get_padding))( unsigned char *input, size_t ilen, size_t *data_len );
#endif
/** Buffer for input that has not been processed yet. */
- unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
+ unsigned char MBEDTLS_PRIVATE(unprocessed_data)[MBEDTLS_MAX_BLOCK_LENGTH];
/** Number of Bytes that have not been processed yet. */
- size_t unprocessed_len;
+ size_t MBEDTLS_PRIVATE(unprocessed_len);
/** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
* for XTS-mode. */
- unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
+ unsigned char MBEDTLS_PRIVATE(iv)[MBEDTLS_MAX_IV_LENGTH];
/** IV size in Bytes, for ciphers with variable-length IVs. */
- size_t iv_size;
+ size_t MBEDTLS_PRIVATE(iv_size);
/** The cipher-specific context. */
- void *cipher_ctx;
+ void *MBEDTLS_PRIVATE(cipher_ctx);
#if defined(MBEDTLS_CMAC_C)
/** CMAC-specific context. */
- mbedtls_cmac_context_t *cmac_ctx;
+ mbedtls_cmac_context_t *MBEDTLS_PRIVATE(cmac_ctx);
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -354,7 +355,7 @@
* mbedtls_cipher_setup(), and set if it was established through
* mbedtls_cipher_setup_psa().
*/
- unsigned char psa_enabled;
+ unsigned char MBEDTLS_PRIVATE(psa_enabled);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
} mbedtls_cipher_context_t;
@@ -437,10 +438,23 @@
/**
- * \brief This function initializes a cipher context for
+ * \brief This function prepares a cipher context for
* use with the given cipher primitive.
*
- * \param ctx The context to initialize. This must be initialized.
+ * \note After calling this function, you should call
+ * mbedtls_cipher_setkey() and, if the mode uses padding,
+ * mbedtls_cipher_set_padding_mode(), then for each
+ * message to encrypt or decrypt with this key, either:
+ * - mbedtls_cipher_crypt() for one-shot processing with
+ * non-AEAD modes;
+ * - mbedtls_cipher_auth_encrypt_ext() or
+ * mbedtls_cipher_auth_decrypt_ext() for one-shot
+ * processing with AEAD modes or NIST_KW;
+ * - for multi-part processing, see the documentation of
+ * mbedtls_cipher_reset().
+ *
+ * \param ctx The context to prepare. This must be initialized by
+ * a call to mbedtls_cipher_init() first.
* \param cipher_info The cipher to use.
*
* \return \c 0 on success.
@@ -448,10 +462,6 @@
* parameter-verification failure.
* \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
* cipher-specific context fails.
- *
- * \internal Currently, the function also clears the structure.
- * In future versions, the caller will be required to call
- * mbedtls_cipher_init() on the structure first.
*/
int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info );
@@ -495,10 +505,10 @@
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return 0;
- return ctx->cipher_info->block_size;
+ return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
}
/**
@@ -514,10 +524,10 @@
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_MODE_NONE;
- return ctx->cipher_info->mode;
+ return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode);
}
/**
@@ -534,13 +544,13 @@
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return 0;
- if( ctx->iv_size != 0 )
- return (int) ctx->iv_size;
+ if( ctx->MBEDTLS_PRIVATE(iv_size) != 0 )
+ return (int) ctx->MBEDTLS_PRIVATE(iv_size);
- return (int) ctx->cipher_info->iv_size;
+ return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
}
/**
@@ -556,10 +566,10 @@
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_CIPHER_NONE );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_CIPHER_NONE;
- return ctx->cipher_info->type;
+ return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type);
}
/**
@@ -575,10 +585,10 @@
const mbedtls_cipher_context_t *ctx )
{
MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return 0;
- return ctx->cipher_info->name;
+ return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(name);
}
/**
@@ -595,10 +605,10 @@
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_KEY_LENGTH_NONE;
- return (int) ctx->cipher_info->key_bitlen;
+ return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
}
/**
@@ -614,10 +624,10 @@
{
MBEDTLS_INTERNAL_VALIDATE_RET(
ctx != NULL, MBEDTLS_OPERATION_NONE );
- if( ctx->cipher_info == NULL )
+ if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
return MBEDTLS_OPERATION_NONE;
- return ctx->operation;
+ return ctx->MBEDTLS_PRIVATE(operation);
}
/**
@@ -687,7 +697,30 @@
/**
* \brief This function resets the cipher state.
*
- * \param ctx The generic cipher context. This must be initialized.
+ * \note With non-AEAD ciphers, the order of calls for each message
+ * is as follows:
+ * 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
+ * 2. mbedtls_cipher_reset()
+ * 3. mbedtls_cipher_update() one or more times
+ * 4. mbedtls_cipher_finish()
+ * .
+ * This sequence can be repeated to encrypt or decrypt multiple
+ * messages with the same key.
+ *
+ * \note With AEAD ciphers, the order of calls for each message
+ * is as follows:
+ * 1. mbedtls_cipher_set_iv() if the mode uses an IV/nonce.
+ * 2. mbedtls_cipher_reset()
+ * 3. mbedtls_cipher_update_ad()
+ * 4. mbedtls_cipher_update() one or more times
+ * 5. mbedtls_cipher_finish()
+ * 6. mbedtls_cipher_check_tag() (for decryption) or
+ * mbedtls_cipher_write_tag() (for encryption).
+ * .
+ * This sequence can be repeated to encrypt or decrypt multiple
+ * messages with the same key.
+ *
+ * \param ctx The generic cipher context. This must be bound to a key.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index a0563b1..65c831c 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -25,6 +25,7 @@
#ifndef MBEDTLS_CMAC_H
#define MBEDTLS_CMAC_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -55,14 +56,14 @@
struct mbedtls_cmac_context_t
{
/** The internal state of the CMAC algorithm. */
- unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX];
/** Unprocessed data - either data that was not block aligned and is still
* pending processing, or the final block. */
- unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX];
+ unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX];
/** The length of data pending processing. */
- size_t unprocessed_len;
+ size_t MBEDTLS_PRIVATE(unprocessed_len);
};
#else /* !MBEDTLS_CMAC_ALT */
diff --git a/include/mbedtls/compat-2.x.h b/include/mbedtls/compat-2.x.h
new file mode 100644
index 0000000..fe07790
--- /dev/null
+++ b/include/mbedtls/compat-2.x.h
@@ -0,0 +1,66 @@
+/**
+ * \file compat-2.x.h
+ *
+ * \brief Compatibility definitions
+ *
+ * \deprecated Use the new names directly instead
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#warning "Including compat-2.x.h is deprecated"
+#endif
+
+#ifndef MBEDTLS_COMPAT2X_H
+#define MBEDTLS_COMPAT2X_H
+
+/*
+ * Macros for renamed functions
+ */
+#define mbedtls_ctr_drbg_update_ret mbedtls_ctr_drbg_update
+#define mbedtls_hmac_drbg_update_ret mbedtls_hmac_drbg_update
+#define mbedtls_md2_starts_ret mbedtls_md2_starts
+#define mbedtls_md2_update_ret mbedtls_md2_update
+#define mbedtls_md2_finish_ret mbedtls_md2_finish
+#define mbedtls_md2_ret mbedtls_md2
+#define mbedtls_md4_starts_ret mbedtls_md4_starts
+#define mbedtls_md4_update_ret mbedtls_md4_update
+#define mbedtls_md4_finish_ret mbedtls_md4_finish
+#define mbedtls_md4_ret mbedtls_md4
+#define mbedtls_md5_starts_ret mbedtls_md5_starts
+#define mbedtls_md5_update_ret mbedtls_md5_update
+#define mbedtls_md5_finish_ret mbedtls_md5_finish
+#define mbedtls_md5_ret mbedtls_md5
+#define mbedtls_ripemd160_starts_ret mbedtls_ripemd160_starts
+#define mbedtls_ripemd160_update_ret mbedtls_ripemd160_update
+#define mbedtls_ripemd160_finish_ret mbedtls_ripemd160_finish
+#define mbedtls_ripemd160_ret mbedtls_ripemd160
+#define mbedtls_sha1_starts_ret mbedtls_sha1_starts
+#define mbedtls_sha1_update_ret mbedtls_sha1_update
+#define mbedtls_sha1_finish_ret mbedtls_sha1_finish
+#define mbedtls_sha1_ret mbedtls_sha1
+#define mbedtls_sha256_starts_ret mbedtls_sha256_starts
+#define mbedtls_sha256_update_ret mbedtls_sha256_update
+#define mbedtls_sha256_finish_ret mbedtls_sha256_finish
+#define mbedtls_sha256_ret mbedtls_sha256
+#define mbedtls_sha512_starts_ret mbedtls_sha512_starts
+#define mbedtls_sha512_update_ret mbedtls_sha512_update
+#define mbedtls_sha512_finish_ret mbedtls_sha512_finish
+#define mbedtls_sha512_ret mbedtls_sha512
+
+#endif /* MBEDTLS_COMPAT2X_H */
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 715c73a..16f8f8b 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -255,72 +255,6 @@
*/
//#define MBEDTLS_DEPRECATED_REMOVED
-/**
- * \def MBEDTLS_CHECK_PARAMS
- *
- * This configuration option controls whether the library validates more of
- * the parameters passed to it.
- *
- * When this flag is not defined, the library only attempts to validate an
- * input parameter if: (1) they may come from the outside world (such as the
- * network, the filesystem, etc.) or (2) not validating them could result in
- * internal memory errors such as overflowing a buffer controlled by the
- * library. On the other hand, it doesn't attempt to validate parameters whose
- * values are fully controlled by the application (such as pointers).
- *
- * When this flag is defined, the library additionally attempts to validate
- * parameters that are fully controlled by the application, and should always
- * be valid if the application code is fully correct and trusted.
- *
- * For example, when a function accepts as input a pointer to a buffer that may
- * contain untrusted data, and its documentation mentions that this pointer
- * must not be NULL:
- * - The pointer is checked to be non-NULL only if this option is enabled.
- * - The content of the buffer is always validated.
- *
- * When this flag is defined, if a library function receives a parameter that
- * is invalid:
- * 1. The function will invoke the macro MBEDTLS_PARAM_FAILED().
- * 2. If MBEDTLS_PARAM_FAILED() did not terminate the program, the function
- * will immediately return. If the function returns an Mbed TLS error code,
- * the error code in this case is MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
- *
- * When defining this flag, you also need to arrange a definition for
- * MBEDTLS_PARAM_FAILED(). You can do this by any of the following methods:
- * - By default, the library defines MBEDTLS_PARAM_FAILED() to call a
- * function mbedtls_param_failed(), but the library does not define this
- * function. If you do not make any other arrangements, you must provide
- * the function mbedtls_param_failed() in your application.
- * See `platform_util.h` for its prototype.
- * - If you enable the macro #MBEDTLS_CHECK_PARAMS_ASSERT, then the
- * library defines MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`.
- * You can still supply an alternative definition of
- * MBEDTLS_PARAM_FAILED(), which may call `assert`.
- * - If you define a macro MBEDTLS_PARAM_FAILED() before including `config.h`
- * or you uncomment the definition of MBEDTLS_PARAM_FAILED() in `config.h`,
- * the library will call the macro that you defined and will not supply
- * its own version. Note that if MBEDTLS_PARAM_FAILED() calls `assert`,
- * you need to enable #MBEDTLS_CHECK_PARAMS_ASSERT so that library source
- * files include `<assert.h>`.
- *
- * Uncomment to enable validation of application-controlled parameters.
- */
-//#define MBEDTLS_CHECK_PARAMS
-
-/**
- * \def MBEDTLS_CHECK_PARAMS_ASSERT
- *
- * Allow MBEDTLS_PARAM_FAILED() to call `assert`, and make it default to
- * `assert`. This macro is only used if #MBEDTLS_CHECK_PARAMS is defined.
- *
- * If this macro is not defined, then MBEDTLS_PARAM_FAILED() defaults to
- * calling a function mbedtls_param_failed(). See the documentation of
- * #MBEDTLS_CHECK_PARAMS for details.
- *
- * Uncomment to allow MBEDTLS_PARAM_FAILED() to call `assert`.
- */
-//#define MBEDTLS_CHECK_PARAMS_ASSERT
-
/* \} name SECTION: System support */
/**
@@ -683,26 +617,6 @@
//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
/**
- * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES
- *
- * Remove 3DES ciphersuites by default in SSL / TLS.
- * This flag removes the ciphersuites based on 3DES from the default list as
- * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible
- * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including
- * them explicitly.
- *
- * A man-in-the-browser attacker can recover authentication tokens sent through
- * a TLS connection using a 3DES based cipher suite (see "On the Practical
- * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan
- * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls
- * in your threat model or you are unsure, then you should keep this option
- * enabled to remove 3DES based cipher suites.
- *
- * Comment this macro to keep 3DES in the default ciphersuite list.
- */
-#define MBEDTLS_REMOVE_3DES_CIPHERSUITES
-
-/**
* \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
*
* MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
@@ -779,40 +693,11 @@
*
* \note This option only works with the default software implementation of
* elliptic curve functionality. It is incompatible with
- * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT
- * and MBEDTLS_ECDH_LEGACY_CONTEXT.
+ * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT.
*/
//#define MBEDTLS_ECP_RESTARTABLE
/**
- * \def MBEDTLS_ECDH_LEGACY_CONTEXT
- *
- * Use a backward compatible ECDH context.
- *
- * Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context
- * defined in `ecdh.h`). For most applications, the choice of format makes
- * no difference, since all library functions can work with either format,
- * except that the new format is incompatible with MBEDTLS_ECP_RESTARTABLE.
-
- * The new format used when this option is disabled is smaller
- * (56 bytes on a 32-bit platform). In future versions of the library, it
- * will support alternative implementations of ECDH operations.
- * The new format is incompatible with applications that access
- * context fields directly and with restartable ECP operations.
- *
- * Define this macro if you enable MBEDTLS_ECP_RESTARTABLE or if you
- * want to access ECDH context fields directly. Otherwise you should
- * comment out this macro definition.
- *
- * This option has no effect if #MBEDTLS_ECDH_C is not enabled.
- *
- * \note This configuration option is experimental. Future versions of the
- * library may modify the way the ECDH context layout is configured
- * and may modify the layout of the new context type.
- */
-#define MBEDTLS_ECDH_LEGACY_CONTEXT
-
-/**
* \def MBEDTLS_ECDSA_DETERMINISTIC
*
* Enable deterministic ECDSA (RFC 6979).
@@ -843,7 +728,6 @@
* MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
@@ -866,7 +750,6 @@
* MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
*
* \warning Using DHE constitutes a security risk as it
* is not possible to validate custom DH parameters.
@@ -892,7 +775,6 @@
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
* MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@@ -916,7 +798,6 @@
* MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@@ -942,7 +823,6 @@
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
@@ -968,7 +848,6 @@
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
*
* \warning Using DHE constitutes a security risk as it
* is not possible to validate custom DH parameters.
@@ -999,7 +878,6 @@
* MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@@ -1022,7 +900,6 @@
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
* MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
*/
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@@ -1035,7 +912,6 @@
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
@@ -1058,7 +934,6 @@
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
- * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
* MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
@@ -1597,16 +1472,6 @@
#define MBEDTLS_SSL_RENEGOTIATION
/**
- * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
- *
- * Pick the ciphersuite according to the client's preferences rather than ours
- * in the SSL Server module (MBEDTLS_SSL_SRV_C).
- *
- * Uncomment this macro to respect client's ciphersuite order
- */
-//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
-
-/**
* \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
*
* Enable support for RFC 6066 max_fragment_length extension in SSL.
@@ -1749,17 +1614,6 @@
#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
/**
- * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
- *
- * Enable support for a limit of records with bad MAC.
- *
- * See mbedtls_ssl_conf_dtls_badmac_limit().
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- */
-#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
-
-/**
* \def MBEDTLS_SSL_SESSION_TICKETS
*
* Enable support for RFC 5077 session tickets in SSL.
@@ -1950,28 +1804,6 @@
#define MBEDTLS_VERSION_FEATURES
/**
- * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
- *
- * If set, the X509 parser will not break-off when parsing an X509 certificate
- * and encountering an extension in a v1 or v2 certificate.
- *
- * Uncomment to prevent an error.
- */
-//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
-
-/**
- * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
- *
- * If set, the X509 parser will not break-off when parsing an X509 certificate
- * and encountering an unknown critical extension.
- *
- * \warning Depending on your PKI use, enabling this can be a security risk!
- *
- * Uncomment to prevent an error.
- */
-//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-
-/**
* \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
*
* If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
@@ -1991,33 +1823,6 @@
//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
/**
- * \def MBEDTLS_X509_CHECK_KEY_USAGE
- *
- * Enable verification of the keyUsage extension (CA and leaf certificates).
- *
- * Disabling this avoids problems with mis-issued and/or misused
- * (intermediate) CA and leaf certificates.
- *
- * \warning Depending on your PKI use, disabling this can be a security risk!
- *
- * Comment to skip keyUsage checking for both CA and leaf certificates.
- */
-#define MBEDTLS_X509_CHECK_KEY_USAGE
-
-/**
- * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
- *
- * Enable verification of the extendedKeyUsage extension (leaf certificates).
- *
- * Disabling this avoids problems with mis-issued and/or misused certificates.
- *
- * \warning Depending on your PKI use, disabling this can be a security risk!
- *
- * Comment to skip extendedKeyUsage checking for certificates.
- */
-#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
-
-/**
* \def MBEDTLS_X509_REMOVE_INFO
*
* Disable mbedtls_x509_*_info() and related APIs.
@@ -2433,19 +2238,6 @@
* Caller: library/pem.c
* library/cipher.c
*
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
- *
* PEM_PARSE uses DES/3DES for decrypting encrypted keys.
*
* \warning DES is considered a weak cipher and its use constitutes a
@@ -3353,7 +3145,6 @@
//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
/* ECP options */
-//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
@@ -3396,42 +3187,6 @@
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-/**
- * \brief This macro is invoked by the library when an invalid parameter
- * is detected that is only checked with #MBEDTLS_CHECK_PARAMS
- * (see the documentation of that option for context).
- *
- * When you leave this undefined here, the library provides
- * a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT
- * is defined, the default definition is `assert(cond)`,
- * otherwise the default definition calls a function
- * mbedtls_param_failed(). This function is declared in
- * `platform_util.h` for the benefit of the library, but
- * you need to define in your application.
- *
- * When you define this here, this replaces the default
- * definition in platform_util.h (which no longer declares the
- * function mbedtls_param_failed()) and it is your responsibility
- * to make sure this macro expands to something suitable (in
- * particular, that all the necessary declarations are visible
- * from within the library - you can ensure that by providing
- * them in this file next to the macro definition).
- * If you define this macro to call `assert`, also define
- * #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files
- * include `<assert.h>`.
- *
- * Note that you may define this macro to expand to nothing, in
- * which case you don't have to worry about declarations or
- * definitions. However, you will then be notified about invalid
- * parameters only in non-void functions, and void function will
- * just silently return early on invalid parameters, which
- * partially negates the benefits of enabling
- * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
- *
- * \param cond The expression that should evaluate to true, but doesn't.
- */
-//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
-
/* PSA options */
/**
* Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
@@ -3497,27 +3252,10 @@
*/
//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
-/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
+/** \def MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
*
* This option controls the use of record plaintext padding
- * when using the Connection ID extension in DTLS 1.2.
- *
- * The padding will always be chosen so that the length of the
- * padded plaintext is a multiple of the value of this option.
- *
- * Note: A value of \c 1 means that no padding will be used
- * for outgoing records.
- *
- * Note: On systems lacking division instructions,
- * a power of two should be preferred.
- *
- */
-//#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
-
-/** \def MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY
- *
- * This option controls the use of record plaintext padding
- * in TLS 1.3.
+ * in TLS 1.3 and when using the Connection ID extension in DTLS 1.2.
*
* The padding will always be chosen so that the length of the
* padded plaintext is a multiple of the value of this option.
@@ -3528,7 +3266,7 @@
* Note: On systems lacking division instructions,
* a power of two should be preferred.
*/
-//#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
+//#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
*
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 2032a36..f5db94e 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -38,6 +38,30 @@
extern "C" {
#endif
+
+
+/****************************************************************/
+/* De facto synonyms */
+/****************************************************************/
+
+#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA)
+#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
+#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA)
+#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
+#endif
+
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
+#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+#endif
+
+
+
+/****************************************************************/
+/* Require built-in implementations based on PSA requirements */
+/****************************************************************/
+
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
@@ -497,6 +521,12 @@
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
#endif /* PSA_WANT_ECC_SECP_K1_256 */
+
+
+/****************************************************************/
+/* Infer PSA requirements from Mbed TLS capabilities */
+/****************************************************************/
+
#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
/*
@@ -522,6 +552,7 @@
#if defined(MBEDTLS_ECDSA_C)
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
#define PSA_WANT_ALG_ECDSA 1
+#define PSA_WANT_ALG_ECDSA_ANY 1
// Only add in DETERMINISTIC support if ECDSA is also enabled
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
@@ -586,6 +617,7 @@
#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
#endif /* MBEDTLSS_PKCS1_V15 */
#if defined(MBEDTLS_PKCS1_V21)
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 0f2c551..b8e2c71 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -40,6 +40,7 @@
#ifndef MBEDTLS_CTR_DRBG_H
#define MBEDTLS_CTR_DRBG_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -168,8 +169,8 @@
*/
typedef struct mbedtls_ctr_drbg_context
{
- unsigned char counter[16]; /*!< The counter (V). */
- int reseed_counter; /*!< The reseed counter.
+ unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */
+ int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter.
* This is the number of requests that have
* been made since the last (re)seeding,
* minus one.
@@ -179,25 +180,25 @@
* or -1 if no nonce length has been explicitly
* set (see mbedtls_ctr_drbg_set_nonce_len()).
*/
- int prediction_resistance; /*!< This determines whether prediction
+ int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether prediction
resistance is enabled, that is
whether to systematically reseed before
each random generation. */
- size_t entropy_len; /*!< The amount of entropy grabbed on each
+ size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on each
seed or reseed operation, in bytes. */
- int reseed_interval; /*!< The reseed interval.
+ int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval.
* This is the maximum number of requests
* that can be made between reseedings. */
- mbedtls_aes_context aes_ctx; /*!< The AES context. */
+ mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
/*
* Callbacks (Entropy)
*/
- int (*f_entropy)(void *, unsigned char *, size_t);
+ int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t);
/*!< The entropy callback function. */
- void *p_entropy; /*!< The context for the entropy function. */
+ void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function. */
#if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized if and only if f_entropy != NULL.
@@ -207,7 +208,7 @@
* Note that this invariant may change without notice. Do not rely on it
* and do not access the mutex directly in application code.
*/
- mbedtls_threading_mutex_t mutex;
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
}
mbedtls_ctr_drbg_context;
@@ -462,9 +463,9 @@
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
* \return An error from the underlying AES cipher on failure.
*/
-int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional,
- size_t add_len );
+int mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
+ const unsigned char *additional,
+ size_t add_len );
/**
* \brief This function updates a CTR_DRBG instance with additional
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 92da73f..24d2402 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -26,6 +26,7 @@
*/
#ifndef MBEDTLS_DES_H
#define MBEDTLS_DES_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -60,7 +61,7 @@
*/
typedef struct mbedtls_des_context
{
- uint32_t sk[32]; /*!< DES subkeys */
+ uint32_t MBEDTLS_PRIVATE(sk)[32]; /*!< DES subkeys */
}
mbedtls_des_context;
@@ -69,7 +70,7 @@
*/
typedef struct mbedtls_des3_context
{
- uint32_t sk[96]; /*!< 3DES subkeys */
+ uint32_t MBEDTLS_PRIVATE(sk)[96]; /*!< 3DES subkeys */
}
mbedtls_des3_context;
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 0e8892e..e8c8a82 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -62,6 +62,7 @@
#ifndef MBEDTLS_DHM_H
#define MBEDTLS_DHM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -84,6 +85,17 @@
#define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read or write of file failed. */
#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED -0x3580 /**< Setting the modulus and generator failed. */
+/** Which parameter to access in mbedtls_dhm_get_value(). */
+typedef enum
+{
+ MBEDTLS_DHM_PARAM_P, /*!< The prime modulus. */
+ MBEDTLS_DHM_PARAM_G, /*!< The generator. */
+ MBEDTLS_DHM_PARAM_X, /*!< Our secret value. */
+ MBEDTLS_DHM_PARAM_GX, /*!< Our public key = \c G^X mod \c P. */
+ MBEDTLS_DHM_PARAM_GY, /*!< The public key of the peer = \c G^Y mod \c P. */
+ MBEDTLS_DHM_PARAM_K, /*!< The shared secret = \c G^(XY) mod \c P. */
+} mbedtls_dhm_parameter;
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -95,17 +107,16 @@
*/
typedef struct mbedtls_dhm_context
{
- size_t len; /*!< The size of \p P in Bytes. */
- mbedtls_mpi P; /*!< The prime modulus. */
- mbedtls_mpi G; /*!< The generator. */
- mbedtls_mpi X; /*!< Our secret value. */
- mbedtls_mpi GX; /*!< Our public key = \c G^X mod \c P. */
- mbedtls_mpi GY; /*!< The public key of the peer = \c G^Y mod \c P. */
- mbedtls_mpi K; /*!< The shared secret = \c G^(XY) mod \c P. */
- mbedtls_mpi RP; /*!< The cached value = \c R^2 mod \c P. */
- mbedtls_mpi Vi; /*!< The blinding value. */
- mbedtls_mpi Vf; /*!< The unblinding value. */
- mbedtls_mpi pX; /*!< The previous \c X. */
+ mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus. */
+ mbedtls_mpi MBEDTLS_PRIVATE(G); /*!< The generator. */
+ mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< Our secret value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(GX); /*!< Our public key = \c G^X mod \c P. */
+ mbedtls_mpi MBEDTLS_PRIVATE(GY); /*!< The public key of the peer = \c G^Y mod \c P. */
+ mbedtls_mpi MBEDTLS_PRIVATE(K); /*!< The shared secret = \c G^(XY) mod \c P. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< The cached value = \c R^2 mod \c P. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(pX); /*!< The previous \c X. */
}
mbedtls_dhm_context;
@@ -282,6 +293,42 @@
void *p_rng );
/**
+ * \brief This function returns the size of the prime modulus in bits.
+ *
+ * \param ctx The DHM context to query.
+ *
+ * \return The size of the prime modulus in bits,
+ * i.e. the number n such that 2^(n-1) <= P < 2^n.
+ */
+size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx );
+
+/**
+ * \brief This function returns the size of the prime modulus in bytes.
+ *
+ * \param ctx The DHM context to query.
+ *
+ * \return The size of the prime modulus in bytes,
+ * i.e. the number n such that 2^(8*(n-1)) <= P < 2^(8*n).
+ */
+size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx );
+
+/**
+ * \brief This function copies a parameter of a DHM key.
+ *
+ * \param ctx The DHM context to query.
+ * \param param The parameter to copy.
+ * \param dest The MPI object to copy the value into. It must be
+ * initialized.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_DHM_BAD_INPUT_DATA if \p field is invalid.
+ * \return An \c MBEDTLS_ERR_MPI_XXX error code if the copy fails.
+ */
+int mbedtls_dhm_get_value( const mbedtls_dhm_context *ctx,
+ mbedtls_dhm_parameter param,
+ mbedtls_mpi *dest );
+
+/**
* \brief This function frees and clears the components
* of a DHM context.
*
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 05855cd..2a0980b 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -31,6 +31,7 @@
#ifndef MBEDTLS_ECDH_H
#define MBEDTLS_ECDH_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -40,6 +41,25 @@
#include "mbedtls/ecp.h"
+/*
+ * Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context
+ * defined in `ecdh.h`). For most applications, the choice of format makes
+ * no difference, since all library functions can work with either format,
+ * except that the new format is incompatible with MBEDTLS_ECP_RESTARTABLE.
+
+ * The new format used when this option is disabled is smaller
+ * (56 bytes on a 32-bit platform). In future versions of the library, it
+ * will support alternative implementations of ECDH operations.
+ * The new format is incompatible with applications that access
+ * context fields directly and with restartable ECP operations.
+ */
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+#define MBEDTLS_ECDH_LEGACY_CONTEXT
+#else
+#undef MBEDTLS_ECDH_LEGACY_CONTEXT
+#endif
+
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
#undef MBEDTLS_ECDH_LEGACY_CONTEXT
#include "everest/everest.h"
@@ -83,13 +103,13 @@
*/
typedef struct mbedtls_ecdh_context_mbed
{
- mbedtls_ecp_group grp; /*!< The elliptic curve used. */
- mbedtls_mpi d; /*!< The private key. */
- mbedtls_ecp_point Q; /*!< The public key. */
- mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */
- mbedtls_mpi z; /*!< The shared secret. */
+ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
+ mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */
+ mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
#if defined(MBEDTLS_ECP_RESTARTABLE)
- mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
+ mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
#endif
} mbedtls_ecdh_context_mbed;
#endif
@@ -104,35 +124,35 @@
typedef struct mbedtls_ecdh_context
{
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
- mbedtls_ecp_group grp; /*!< The elliptic curve used. */
- mbedtls_mpi d; /*!< The private key. */
- mbedtls_ecp_point Q; /*!< The public key. */
- mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */
- mbedtls_mpi z; /*!< The shared secret. */
- int point_format; /*!< The format of point export in TLS messages. */
- mbedtls_ecp_point Vi; /*!< The blinding value. */
- mbedtls_ecp_point Vf; /*!< The unblinding value. */
- mbedtls_mpi _d; /*!< The previous \p d. */
+ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
+ mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */
+ mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
+ int MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(_d); /*!< The previous \p d. */
#if defined(MBEDTLS_ECP_RESTARTABLE)
- int restart_enabled; /*!< The flag for restartable mode. */
- mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
+ int MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. */
+ mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
#endif /* MBEDTLS_ECP_RESTARTABLE */
#else
- uint8_t point_format; /*!< The format of point export in TLS messages
+ uint8_t MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages
as defined in RFC 4492. */
- mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */
- mbedtls_ecdh_variant var; /*!< The ECDH implementation/structure used. */
+ mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id);/*!< The elliptic curve used. */
+ mbedtls_ecdh_variant MBEDTLS_PRIVATE(var); /*!< The ECDH implementation/structure used. */
union
{
- mbedtls_ecdh_context_mbed mbed_ecdh;
+ mbedtls_ecdh_context_mbed MBEDTLS_PRIVATE(mbed_ecdh);
#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
- mbedtls_ecdh_context_everest everest_ecdh;
+ mbedtls_ecdh_context_everest MBEDTLS_PRIVATE(everest_ecdh);
#endif
- } ctx; /*!< Implementation-specific context. The
+ } MBEDTLS_PRIVATE(ctx); /*!< Implementation-specific context. The
context in use is specified by the \c var
field. */
#if defined(MBEDTLS_ECP_RESTARTABLE)
- uint8_t restart_enabled; /*!< The flag for restartable mode. Functions of
+ uint8_t MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. Functions of
an alternative implementation not supporting
restartable mode must return
MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 525de5d..735d377 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -29,6 +29,7 @@
#ifndef MBEDTLS_ECDSA_H
#define MBEDTLS_ECDSA_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -107,12 +108,12 @@
*/
typedef struct
{
- mbedtls_ecp_restart_ctx ecp; /*!< base context for ECP restart and
+ mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(ecp); /*!< base context for ECP restart and
shared administrative info */
- mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */
- mbedtls_ecdsa_restart_sig_ctx *sig; /*!< ecdsa_sign() sub-context */
+ mbedtls_ecdsa_restart_ver_ctx *MBEDTLS_PRIVATE(ver); /*!< ecdsa_verify() sub-context */
+ mbedtls_ecdsa_restart_sig_ctx *MBEDTLS_PRIVATE(sig); /*!< ecdsa_sign() sub-context */
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
- mbedtls_ecdsa_restart_det_ctx *det; /*!< ecdsa_sign_det() sub-context */
+ mbedtls_ecdsa_restart_det_ctx *MBEDTLS_PRIVATE(det); /*!< ecdsa_sign_det() sub-context */
#endif
} mbedtls_ecdsa_restart_ctx;
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index 891705d..27a091d 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_ECJPAKE_H
#define MBEDTLS_ECJPAKE_H
+#include "mbedtls/private_access.h"
/*
* J-PAKE is a password-authenticated key exchange that allows deriving a
@@ -73,21 +74,21 @@
*/
typedef struct mbedtls_ecjpake_context
{
- const mbedtls_md_info_t *md_info; /**< Hash to use */
- mbedtls_ecp_group grp; /**< Elliptic curve */
- mbedtls_ecjpake_role role; /**< Are we client or server? */
- int point_format; /**< Format for point export */
+ const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info); /**< Hash to use */
+ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /**< Elliptic curve */
+ mbedtls_ecjpake_role MBEDTLS_PRIVATE(role); /**< Are we client or server? */
+ int MBEDTLS_PRIVATE(point_format); /**< Format for point export */
- mbedtls_ecp_point Xm1; /**< My public key 1 C: X1, S: X3 */
- mbedtls_ecp_point Xm2; /**< My public key 2 C: X2, S: X4 */
- mbedtls_ecp_point Xp1; /**< Peer public key 1 C: X3, S: X1 */
- mbedtls_ecp_point Xp2; /**< Peer public key 2 C: X4, S: X2 */
- mbedtls_ecp_point Xp; /**< Peer public key C: Xs, S: Xc */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xm1); /**< My public key 1 C: X1, S: X3 */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xm2); /**< My public key 2 C: X2, S: X4 */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xp1); /**< Peer public key 1 C: X3, S: X1 */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xp2); /**< Peer public key 2 C: X4, S: X2 */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Xp); /**< Peer public key C: Xs, S: Xc */
- mbedtls_mpi xm1; /**< My private key 1 C: x1, S: x3 */
- mbedtls_mpi xm2; /**< My private key 2 C: x2, S: x4 */
+ mbedtls_mpi MBEDTLS_PRIVATE(xm1); /**< My private key 1 C: x1, S: x3 */
+ mbedtls_mpi MBEDTLS_PRIVATE(xm2); /**< My private key 2 C: x2, S: x4 */
- mbedtls_mpi s; /**< Pre-shared secret (passphrase) */
+ mbedtls_mpi MBEDTLS_PRIVATE(s); /**< Pre-shared secret (passphrase) */
} mbedtls_ecjpake_context;
#else /* MBEDTLS_ECJPAKE_ALT */
@@ -131,6 +132,21 @@
size_t len );
/**
+ * \brief Set the point format for future reads and writes.
+ *
+ * \param ctx The ECJPAKE context to configure.
+ * \param point_format The point format to use:
+ * #MBEDTLS_ECP_PF_UNCOMPRESSED (default)
+ * or #MBEDTLS_ECP_PF_COMPRESSED.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p point_format
+ * is invalid.
+ */
+int mbedtls_ecjpake_set_point_format( mbedtls_ecjpake_context *ctx,
+ int point_format );
+
+/**
* \brief Check if an ECJPAKE context is ready for use.
*
* \param ctx The ECJPAKE context to check. This must be
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index dd400a0..49e85d9 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -33,6 +33,7 @@
#ifndef MBEDTLS_ECP_H
#define MBEDTLS_ECP_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -92,6 +93,7 @@
* - Add it at the end of this enum, otherwise you'll break the ABI by
* changing the numerical value for existing curves.
* - Increment MBEDTLS_ECP_DP_MAX below if needed.
+ * - Update the calculation of MBEDTLS_ECP_MAX_BITS below.
* - Add the corresponding MBEDTLS_ECP_DP_xxx_ENABLED macro definition to
* config.h.
* - List the curve as a dependency of MBEDTLS_ECP_C and
@@ -100,7 +102,8 @@
* MBEDTLS_ECP_yyy_ENABLED above.
* - Add the necessary definitions to ecp_curves.c.
* - Add the curve to the ecp_supported_curves array in ecp.c.
- * - Add the curve to applicable profiles in x509_crt.c if applicable.
+ * - Add the curve to applicable profiles in x509_crt.c.
+ * - Add the curve to applicable presets in ssl_tls.c.
*/
typedef enum
{
@@ -142,10 +145,10 @@
*/
typedef struct mbedtls_ecp_curve_info
{
- mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */
- uint16_t tls_id; /*!< The TLS NamedCurve identifier. */
- uint16_t bit_size; /*!< The curve size in bits. */
- const char *name; /*!< A human-friendly name. */
+ mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier. */
+ uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */
+ uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */
+ const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */
} mbedtls_ecp_curve_info;
/**
@@ -161,9 +164,9 @@
*/
typedef struct mbedtls_ecp_point
{
- mbedtls_mpi X; /*!< The X coordinate of the ECP point. */
- mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */
- mbedtls_mpi Z; /*!< The Z coordinate of the ECP point. */
+ mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< The X coordinate of the ECP point. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Y); /*!< The Y coordinate of the ECP point. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Z); /*!< The Z coordinate of the ECP point. */
}
mbedtls_ecp_point;
@@ -203,10 +206,16 @@
* additions or subtractions. Therefore, it is only an approximative modular
* reduction. It must return 0 on success and non-zero on failure.
*
- * \note Alternative implementations must keep the group IDs distinct. If
- * two group structures have the same ID, then they must be
- * identical.
- *
+ * \note Alternative implementations of the ECP module must obey the
+ * following constraints.
+ * * Group IDs must be distinct: if two group structures have
+ * the same ID, then they must be identical.
+ * * The fields \c id, \c P, \c A, \c B, \c G, \c N,
+ * \c pbits and \c nbits must have the same type and semantics
+ * as in the built-in implementation.
+ * They must be available for reading, but direct modification
+ * of these fields does not need to be supported.
+ * They do not need to be at the same offset in the structure.
*/
typedef struct mbedtls_ecp_group
{
@@ -222,14 +231,16 @@
size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P.
For Montgomery curves: the number of bits in the
private keys. */
- unsigned int h; /*!< \internal 1 if the constants are static. */
- int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
+ /* End of public fields */
+
+ unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are static. */
+ int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
mod \p P (see above).*/
- int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */
- int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */
- void *t_data; /*!< Unused. */
- mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */
- size_t T_size; /*!< The number of pre-computed points. */
+ int (*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *); /*!< Unused. */
+ int (*MBEDTLS_PRIVATE(t_post))(mbedtls_ecp_point *, void *); /*!< Unused. */
+ void *MBEDTLS_PRIVATE(t_data); /*!< Unused. */
+ mbedtls_ecp_point *MBEDTLS_PRIVATE(T); /*!< Pre-computed points for ecp_mul_comb(). */
+ size_t MBEDTLS_PRIVATE(T_size); /*!< The number of dynamic allocated pre-computed points. */
}
mbedtls_ecp_group;
@@ -241,16 +252,6 @@
* \{
*/
-#if !defined(MBEDTLS_ECP_MAX_BITS)
-/**
- * The maximum size of the groups, that is, of \c N and \c P.
- */
-#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */
-#endif
-
-#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
-#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
-
#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
/*
* Maximum "window" size used for point multiplication.
@@ -276,15 +277,16 @@
#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
/*
- * Trade memory for speed on fixed-point multiplication.
+ * Trade code size for speed on fixed-point multiplication.
*
* This speeds up repeated multiplication of the generator (that is, the
* multiplication in ECDSA signatures, and half of the multiplications in
* ECDSA verification and ECDHE) by a factor roughly 3 to 4.
*
- * The cost is increasing EC peak memory usage by a factor roughly 2.
+ * For each n-bit Short Weierstrass curve that is enabled, this adds 4n bytes
+ * of code size if n < 384 and 8n otherwise.
*
- * Change this value to 0 to reduce peak memory usage.
+ * Change this value to 0 to reduce code size.
*/
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up. */
#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
@@ -295,6 +297,47 @@
#include "ecp_alt.h"
#endif /* MBEDTLS_ECP_ALT */
+/**
+ * The maximum size of the groups, that is, of \c N and \c P.
+ */
+#if !defined(MBEDTLS_ECP_C)
+/* Dummy definition to help code that has optional ECP support and
+ * defines an MBEDTLS_ECP_MAX_BYTES-sized array unconditionally. */
+#define MBEDTLS_ECP_MAX_BITS 1
+/* Note: the curves must be listed in DECREASING size! */
+#elif defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 521
+#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 512
+#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 448
+#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 384
+#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 384
+#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 256
+#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 256
+#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 256
+#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 255
+#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 225 // n is slightly above 2^224
+#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 224
+#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 192
+#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS 192
+#else
+#error "Missing definition of MBEDTLS_ECP_MAX_BITS"
+#endif
+
+#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
+#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
+
#if defined(MBEDTLS_ECP_RESTARTABLE)
/**
@@ -316,10 +359,10 @@
*/
typedef struct
{
- unsigned ops_done; /*!< current ops count */
- unsigned depth; /*!< call depth (0 = top-level) */
- mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */
- mbedtls_ecp_restart_muladd_ctx *ma; /*!< ecp_muladd() sub-context */
+ unsigned MBEDTLS_PRIVATE(ops_done); /*!< current ops count */
+ unsigned MBEDTLS_PRIVATE(depth); /*!< call depth (0 = top-level) */
+ mbedtls_ecp_restart_mul_ctx *MBEDTLS_PRIVATE(rsm); /*!< ecp_mul_comb() sub-context */
+ mbedtls_ecp_restart_muladd_ctx *MBEDTLS_PRIVATE(ma); /*!< ecp_muladd() sub-context */
} mbedtls_ecp_restart_ctx;
/*
@@ -369,9 +412,9 @@
*/
typedef struct mbedtls_ecp_keypair
{
- mbedtls_ecp_group grp; /*!< Elliptic curve and base point */
- mbedtls_mpi d; /*!< our secret value */
- mbedtls_ecp_point Q; /*!< our public value */
+ mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< Elliptic curve and base point */
+ mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< our secret value */
+ mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< our public value */
}
mbedtls_ecp_keypair;
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index c51e641..78591e7 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_ENTROPY_H
#define MBEDTLS_ENTROPY_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -104,11 +105,11 @@
*/
typedef struct mbedtls_entropy_source_state
{
- mbedtls_entropy_f_source_ptr f_source; /**< The entropy source callback */
- void * p_source; /**< The callback data pointer */
- size_t size; /**< Amount received in bytes */
- size_t threshold; /**< Minimum bytes required before release */
- int strong; /**< Is the source strong? */
+ mbedtls_entropy_f_source_ptr MBEDTLS_PRIVATE(f_source); /**< The entropy source callback */
+ void * MBEDTLS_PRIVATE(p_source); /**< The callback data pointer */
+ size_t MBEDTLS_PRIVATE(size); /**< Amount received in bytes */
+ size_t MBEDTLS_PRIVATE(threshold); /**< Minimum bytes required before release */
+ int MBEDTLS_PRIVATE(strong); /**< Is the source strong? */
}
mbedtls_entropy_source_state;
@@ -117,21 +118,21 @@
*/
typedef struct mbedtls_entropy_context
{
- int accumulator_started; /* 0 after init.
+ int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init.
* 1 after the first update.
* -1 after free. */
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- mbedtls_sha512_context accumulator;
+ mbedtls_sha512_context MBEDTLS_PRIVATE(accumulator);
#else
- mbedtls_sha256_context accumulator;
+ mbedtls_sha256_context MBEDTLS_PRIVATE(accumulator);
#endif
- int source_count; /* Number of entries used in source. */
- mbedtls_entropy_source_state source[MBEDTLS_ENTROPY_MAX_SOURCES];
+ int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
+ mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES];
#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex; /*!< mutex */
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
#endif
#if defined(MBEDTLS_ENTROPY_NV_SEED)
- int initial_entropy_run;
+ int MBEDTLS_PRIVATE(initial_entropy_run);
#endif
}
mbedtls_entropy_context;
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index a2fc2ab..c8e384a 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -30,6 +30,7 @@
#ifndef MBEDTLS_GCM_H
#define MBEDTLS_GCM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -58,15 +59,15 @@
*/
typedef struct mbedtls_gcm_context
{
- mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
- uint64_t HL[16]; /*!< Precalculated HTable low. */
- uint64_t HH[16]; /*!< Precalculated HTable high. */
- uint64_t len; /*!< The total length of the encrypted data. */
- uint64_t add_len; /*!< The total length of the additional data. */
- unsigned char base_ectr[16]; /*!< The first ECTR for tag. */
- unsigned char y[16]; /*!< The Y working value. */
- unsigned char buf[16]; /*!< The buf working value. */
- int mode; /*!< The operation to perform:
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
+ uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
+ uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */
+ uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data. */
+ uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional data. */
+ unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag. */
+ unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */
+ unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */
+ int MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
#MBEDTLS_GCM_ENCRYPT or
#MBEDTLS_GCM_DECRYPT. */
}
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 1ab3422..164a4f7 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -25,6 +25,7 @@
*/
#ifndef MBEDTLS_HMAC_DRBG_H
#define MBEDTLS_HMAC_DRBG_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -86,19 +87,19 @@
{
/* Working state: the key K is not stored explicitly,
* but is implied by the HMAC context */
- mbedtls_md_context_t md_ctx; /*!< HMAC context (inc. K) */
- unsigned char V[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
- int reseed_counter; /*!< reseed counter */
+ mbedtls_md_context_t MBEDTLS_PRIVATE(md_ctx); /*!< HMAC context (inc. K) */
+ unsigned char MBEDTLS_PRIVATE(V)[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
+ int MBEDTLS_PRIVATE(reseed_counter); /*!< reseed counter */
/* Administrative state */
- size_t entropy_len; /*!< entropy bytes grabbed on each (re)seed */
- int prediction_resistance; /*!< enable prediction resistance (Automatic
+ size_t MBEDTLS_PRIVATE(entropy_len); /*!< entropy bytes grabbed on each (re)seed */
+ int MBEDTLS_PRIVATE(prediction_resistance); /*!< enable prediction resistance (Automatic
reseed before every random generation) */
- int reseed_interval; /*!< reseed interval */
+ int MBEDTLS_PRIVATE(reseed_interval); /*!< reseed interval */
/* Callbacks */
- int (*f_entropy)(void *, unsigned char *, size_t); /*!< entropy function */
- void *p_entropy; /*!< context for the entropy function */
+ int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t); /*!< entropy function */
+ void *MBEDTLS_PRIVATE(p_entropy); /*!< context for the entropy function */
#if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized if and only if
@@ -109,7 +110,7 @@
* Note that this invariant may change without notice. Do not rely on it
* and do not access the mutex directly in application code.
*/
- mbedtls_threading_mutex_t mutex;
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
} mbedtls_hmac_drbg_context;
@@ -294,8 +295,8 @@
* \return \c 0 on success, or an error from the underlying
* hash calculation.
*/
-int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional, size_t add_len );
+int mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
+ const unsigned char *additional, size_t add_len );
/**
* \brief This function reseeds the HMAC_DRBG context, that is
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index fbc3b47..21dc7c4 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -24,6 +24,7 @@
#ifndef MBEDTLS_MD_H
#define MBEDTLS_MD_H
+#include "mbedtls/private_access.h"
#include <stddef.h>
@@ -93,13 +94,13 @@
typedef struct mbedtls_md_context_t
{
/** Information about the associated message digest. */
- const mbedtls_md_info_t *md_info;
+ const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info);
/** The digest-specific context. */
- void *md_ctx;
+ void *MBEDTLS_PRIVATE(md_ctx);
/** The HMAC part of the context. */
- void *hmac_ctx;
+ void *MBEDTLS_PRIVATE(hmac_ctx);
} mbedtls_md_context_t;
/**
diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h
index 950afa2..efb11ff 100644
--- a/include/mbedtls/md2.h
+++ b/include/mbedtls/md2.h
@@ -26,6 +26,7 @@
*/
#ifndef MBEDTLS_MD2_H
#define MBEDTLS_MD2_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -53,10 +54,10 @@
*/
typedef struct mbedtls_md2_context
{
- unsigned char cksum[16]; /*!< checksum of the data block */
- unsigned char state[48]; /*!< intermediate digest state */
- unsigned char buffer[16]; /*!< data block being processed */
- size_t left; /*!< amount of data in buffer */
+ unsigned char MBEDTLS_PRIVATE(cksum)[16]; /*!< checksum of the data block */
+ unsigned char MBEDTLS_PRIVATE(state)[48]; /*!< intermediate digest state */
+ unsigned char MBEDTLS_PRIVATE(buffer)[16]; /*!< data block being processed */
+ size_t MBEDTLS_PRIVATE(left); /*!< amount of data in buffer */
}
mbedtls_md2_context;
@@ -114,7 +115,7 @@
* stronger message digests instead.
*
*/
-int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx );
+int mbedtls_md2_starts( mbedtls_md2_context *ctx );
/**
* \brief MD2 process buffer
@@ -130,9 +131,9 @@
* stronger message digests instead.
*
*/
-int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_md2_update( mbedtls_md2_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief MD2 final digest
@@ -147,8 +148,8 @@
* stronger message digests instead.
*
*/
-int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
- unsigned char output[16] );
+int mbedtls_md2_finish( mbedtls_md2_context *ctx,
+ unsigned char output[16] );
/**
* \brief MD2 process data block (internal use only)
@@ -176,9 +177,9 @@
* stronger message digests instead.
*
*/
-int mbedtls_md2_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
+int mbedtls_md2( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16] );
#if defined(MBEDTLS_SELF_TEST)
diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h
index f9e3987..14f3bc3 100644
--- a/include/mbedtls/md4.h
+++ b/include/mbedtls/md4.h
@@ -26,6 +26,7 @@
*/
#ifndef MBEDTLS_MD4_H
#define MBEDTLS_MD4_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -54,9 +55,9 @@
*/
typedef struct mbedtls_md4_context
{
- uint32_t total[2]; /*!< number of bytes processed */
- uint32_t state[4]; /*!< intermediate digest state */
- unsigned char buffer[64]; /*!< data block being processed */
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
+ uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
}
mbedtls_md4_context;
@@ -113,7 +114,7 @@
* constitutes a security risk. We recommend considering
* stronger message digests instead.
*/
-int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx );
+int mbedtls_md4_starts( mbedtls_md4_context *ctx );
/**
* \brief MD4 process buffer
@@ -129,9 +130,9 @@
* stronger message digests instead.
*
*/
-int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_md4_update( mbedtls_md4_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief MD4 final digest
@@ -146,8 +147,8 @@
* stronger message digests instead.
*
*/
-int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
- unsigned char output[16] );
+int mbedtls_md4_finish( mbedtls_md4_context *ctx,
+ unsigned char output[16] );
/**
* \brief MD4 process data block (internal use only)
@@ -179,9 +180,9 @@
* stronger message digests instead.
*
*/
-int mbedtls_md4_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
+int mbedtls_md4( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16] );
#if defined(MBEDTLS_SELF_TEST)
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
index 71a41dc..6ef3591 100644
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@@ -25,6 +25,7 @@
*/
#ifndef MBEDTLS_MD5_H
#define MBEDTLS_MD5_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -53,9 +54,9 @@
*/
typedef struct mbedtls_md5_context
{
- uint32_t total[2]; /*!< number of bytes processed */
- uint32_t state[4]; /*!< intermediate digest state */
- unsigned char buffer[64]; /*!< data block being processed */
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
+ uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
}
mbedtls_md5_context;
@@ -113,7 +114,7 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx );
+int mbedtls_md5_starts( mbedtls_md5_context *ctx );
/**
* \brief MD5 process buffer
@@ -129,9 +130,9 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_md5_update( mbedtls_md5_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief MD5 final digest
@@ -146,8 +147,8 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
- unsigned char output[16] );
+int mbedtls_md5_finish( mbedtls_md5_context *ctx,
+ unsigned char output[16] );
/**
* \brief MD5 process data block (internal use only)
@@ -179,9 +180,9 @@
* stronger message digests instead.
*
*/
-int mbedtls_md5_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[16] );
+int mbedtls_md5( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[16] );
#if defined(MBEDTLS_SELF_TEST)
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index 319f4be..502b9f4 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -37,6 +37,7 @@
*/
#ifndef MBEDTLS_NET_SOCKETS_H
#define MBEDTLS_NET_SOCKETS_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -84,7 +85,7 @@
*/
typedef struct mbedtls_net_context
{
- int fd; /**< The underlying file descriptor */
+ int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */
}
mbedtls_net_context;
diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h
index 7f3e64a..c537b58 100644
--- a/include/mbedtls/nist_kw.h
+++ b/include/mbedtls/nist_kw.h
@@ -34,6 +34,7 @@
#ifndef MBEDTLS_NIST_KW_H
#define MBEDTLS_NIST_KW_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -65,7 +66,7 @@
* Don't make any assumptions on this context!
*/
typedef struct {
- mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */
} mbedtls_nist_kw_context;
#else /* MBEDTLS_NIST_key wrapping_ALT */
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 4198eb1..c866ebe 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_OID_H
#define MBEDTLS_OID_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -145,6 +146,7 @@
#define MBEDTLS_OID_AT_DN_QUALIFIER MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
#define MBEDTLS_OID_AT_PSEUDONYM MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
+#define MBEDTLS_OID_UID "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */
#define MBEDTLS_OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
/*
@@ -439,11 +441,11 @@
*/
typedef struct mbedtls_oid_descriptor_t
{
- const char *asn1; /*!< OID ASN.1 representation */
- size_t asn1_len; /*!< length of asn1 */
+ const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */
+ size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */
#if !defined(MBEDTLS_X509_REMOVE_INFO)
- const char *name; /*!< official name (e.g. from RFC) */
- const char *description; /*!< human friendly description */
+ const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */
+ const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */
#endif
} mbedtls_oid_descriptor_t;
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index 4769bec..9242da6 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_PEM_H
#define MBEDTLS_PEM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -57,9 +58,9 @@
*/
typedef struct mbedtls_pem_context
{
- unsigned char *buf; /*!< buffer for decoded data */
- size_t buflen; /*!< length of the buffer */
- unsigned char *info; /*!< buffer for extra header information */
+ unsigned char *MBEDTLS_PRIVATE(buf); /*!< buffer for decoded data */
+ size_t MBEDTLS_PRIVATE(buflen); /*!< length of the buffer */
+ unsigned char *MBEDTLS_PRIVATE(info); /*!< buffer for extra header information */
}
mbedtls_pem_context;
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 25f02ff..85bf7c9 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -22,6 +22,7 @@
#ifndef MBEDTLS_PK_H
#define MBEDTLS_PK_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -91,8 +92,8 @@
*/
typedef struct mbedtls_pk_rsassa_pss_options
{
- mbedtls_md_type_t mgf1_hash_id;
- int expected_salt_len;
+ mbedtls_md_type_t MBEDTLS_PRIVATE(mgf1_hash_id);
+ int MBEDTLS_PRIVATE(expected_salt_len);
} mbedtls_pk_rsassa_pss_options;
@@ -163,9 +164,9 @@
*/
typedef struct mbedtls_pk_debug_item
{
- mbedtls_pk_debug_type type;
- const char *name;
- void *value;
+ mbedtls_pk_debug_type MBEDTLS_PRIVATE(type);
+ const char *MBEDTLS_PRIVATE(name);
+ void *MBEDTLS_PRIVATE(value);
} mbedtls_pk_debug_item;
/** Maximum number of item send for debugging, plus 1 */
@@ -181,8 +182,8 @@
*/
typedef struct mbedtls_pk_context
{
- const mbedtls_pk_info_t * pk_info; /**< Public key information */
- void * pk_ctx; /**< Underlying public key context */
+ const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
+ void * MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */
} mbedtls_pk_context;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@@ -191,8 +192,8 @@
*/
typedef struct
{
- const mbedtls_pk_info_t * pk_info; /**< Public key information */
- void * rs_ctx; /**< Underlying restart context */
+ const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */
+ void * MBEDTLS_PRIVATE(rs_ctx); /**< Underlying restart context */
} mbedtls_pk_restart_ctx;
#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
/* Now we can declare functions that take a pointer to that */
@@ -208,7 +209,7 @@
*/
static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
{
- return( (mbedtls_rsa_context *) (pk).pk_ctx );
+ return( (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
}
#endif /* MBEDTLS_RSA_C */
@@ -221,7 +222,7 @@
*/
static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
{
- return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
+ return( (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
}
#endif /* MBEDTLS_ECP_C */
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index c944732..c50d7d2 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -30,6 +30,7 @@
*/
#ifndef MBEDTLS_PLATFORM_H
#define MBEDTLS_PLATFORM_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -367,7 +368,7 @@
*/
typedef struct mbedtls_platform_context
{
- char dummy; /**< A placeholder member, as empty structs are not portable. */
+ char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are not portable. */
}
mbedtls_platform_context;
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index fbc2a0d..6d9cfec 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -39,78 +39,10 @@
extern "C" {
#endif
-#if defined(MBEDTLS_CHECK_PARAMS)
-
-#if defined(MBEDTLS_CHECK_PARAMS_ASSERT)
-/* Allow the user to define MBEDTLS_PARAM_FAILED to something like assert
- * (which is what our config.h suggests). */
-#include <assert.h>
-#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */
-
-#if defined(MBEDTLS_PARAM_FAILED)
-/** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h.
- *
- * This flag can be used to check whether it is safe to assume that
- * MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed().
- */
-#define MBEDTLS_PARAM_FAILED_ALT
-
-#elif defined(MBEDTLS_CHECK_PARAMS_ASSERT)
-#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
-#define MBEDTLS_PARAM_FAILED_ALT
-
-#else /* MBEDTLS_PARAM_FAILED */
-#define MBEDTLS_PARAM_FAILED( cond ) \
- mbedtls_param_failed( #cond, __FILE__, __LINE__ )
-
-/**
- * \brief User supplied callback function for parameter validation failure.
- * See #MBEDTLS_CHECK_PARAMS for context.
- *
- * This function will be called unless an alternative treatement
- * is defined through the #MBEDTLS_PARAM_FAILED macro.
- *
- * This function can return, and the operation will be aborted, or
- * alternatively, through use of setjmp()/longjmp() can resume
- * execution in the application code.
- *
- * \param failure_condition The assertion that didn't hold.
- * \param file The file where the assertion failed.
- * \param line The line in the file where the assertion failed.
- */
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line );
-#endif /* MBEDTLS_PARAM_FAILED */
-
-/* Internal macro meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) \
- do { \
- if( !(cond) ) \
- { \
- MBEDTLS_PARAM_FAILED( cond ); \
- return( ret ); \
- } \
- } while( 0 )
-
-/* Internal macro meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE( cond ) \
- do { \
- if( !(cond) ) \
- { \
- MBEDTLS_PARAM_FAILED( cond ); \
- return; \
- } \
- } while( 0 )
-
-#else /* MBEDTLS_CHECK_PARAMS */
-
/* Internal macros meant to be called only from within the library. */
#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 )
#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 )
-#endif /* MBEDTLS_CHECK_PARAMS */
-
/* Internal helper macros for deprecating API constants. */
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
#if defined(MBEDTLS_DEPRECATED_WARNING)
diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h
index 1767f58..4d25385 100644
--- a/include/mbedtls/poly1305.h
+++ b/include/mbedtls/poly1305.h
@@ -31,6 +31,7 @@
#ifndef MBEDTLS_POLY1305_H
#define MBEDTLS_POLY1305_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -51,11 +52,11 @@
typedef struct mbedtls_poly1305_context
{
- uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */
- uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */
- uint32_t acc[5]; /** The accumulator number. */
- uint8_t queue[16]; /** The current partial block of data. */
- size_t queue_len; /** The number of bytes stored in 'queue'. */
+ uint32_t MBEDTLS_PRIVATE(r)[4]; /** The value for 'r' (low 128 bits of the key). */
+ uint32_t MBEDTLS_PRIVATE(s)[4]; /** The value for 's' (high 128 bits of the key). */
+ uint32_t MBEDTLS_PRIVATE(acc)[5]; /** The accumulator number. */
+ uint8_t MBEDTLS_PRIVATE(queue)[16]; /** The current partial block of data. */
+ size_t MBEDTLS_PRIVATE(queue_len); /** The number of bytes stored in 'queue'. */
}
mbedtls_poly1305_context;
diff --git a/include/mbedtls/private_access.h b/include/mbedtls/private_access.h
new file mode 100644
index 0000000..98d3419
--- /dev/null
+++ b/include/mbedtls/private_access.h
@@ -0,0 +1,32 @@
+ /**
+ * \file private_access.h
+ *
+ * \brief Macro wrapper for struct's memebrs.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_PRIVATE_ACCESS_H
+#define MBEDTLS_PRIVATE_ACCESS_H
+
+#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
+#define MBEDTLS_PRIVATE(member) private_##member
+#else
+#define MBEDTLS_PRIVATE(member) member
+#endif
+
+#endif /* MBEDTLS_PRIVATE_ACCESS_H */
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 75fcdac..d5feecb 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -25,6 +25,7 @@
#ifndef MBEDTLS_PSA_UTIL_H
#define MBEDTLS_PSA_UTIL_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -380,7 +381,7 @@
if( curve_info == NULL )
return( 0 );
return( PSA_KEY_TYPE_ECC_KEY_PAIR(
- mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) );
+ mbedtls_ecc_group_to_psa( curve_info->MBEDTLS_PRIVATE(grp_id), bits ) ) );
}
#endif /* MBEDTLS_ECP_C */
diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h
index 1c72d60..f12f434 100644
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_RIPEMD160_H
#define MBEDTLS_RIPEMD160_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -44,9 +45,9 @@
*/
typedef struct mbedtls_ripemd160_context
{
- uint32_t total[2]; /*!< number of bytes processed */
- uint32_t state[5]; /*!< intermediate digest state */
- unsigned char buffer[64]; /*!< data block being processed */
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */
+ uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< intermediate digest state */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */
}
mbedtls_ripemd160_context;
@@ -84,7 +85,7 @@
*
* \return 0 if successful
*/
-int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx );
+int mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx );
/**
* \brief RIPEMD-160 process buffer
@@ -95,9 +96,9 @@
*
* \return 0 if successful
*/
-int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief RIPEMD-160 final digest
@@ -107,8 +108,8 @@
*
* \return 0 if successful
*/
-int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx,
- unsigned char output[20] );
+int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
+ unsigned char output[20] );
/**
* \brief RIPEMD-160 process data block (internal use only)
@@ -130,9 +131,9 @@
*
* \return 0 if successful
*/
-int mbedtls_ripemd160_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] );
+int mbedtls_ripemd160( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[20] );
#if defined(MBEDTLS_SELF_TEST)
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index ba00bff..f29a0aa 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -27,6 +27,7 @@
*/
#ifndef MBEDTLS_RSA_H
#define MBEDTLS_RSA_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -81,48 +82,44 @@
/**
* \brief The RSA context structure.
- *
- * \note Direct manipulation of the members of this structure
- * is deprecated. All manipulation should instead be done through
- * the public interface functions.
*/
typedef struct mbedtls_rsa_context
{
- int ver; /*!< Reserved for internal purposes.
+ int MBEDTLS_PRIVATE(ver); /*!< Reserved for internal purposes.
* Do not set this field in application
* code. Its meaning might change without
* notice. */
- size_t len; /*!< The size of \p N in Bytes. */
+ size_t MBEDTLS_PRIVATE(len); /*!< The size of \p N in Bytes. */
- mbedtls_mpi N; /*!< The public modulus. */
- mbedtls_mpi E; /*!< The public exponent. */
+ mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The public modulus. */
+ mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< The public exponent. */
- mbedtls_mpi D; /*!< The private exponent. */
- mbedtls_mpi P; /*!< The first prime factor. */
- mbedtls_mpi Q; /*!< The second prime factor. */
+ mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< The private exponent. */
+ mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The first prime factor. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< The second prime factor. */
- mbedtls_mpi DP; /*!< <code>D % (P - 1)</code>. */
- mbedtls_mpi DQ; /*!< <code>D % (Q - 1)</code>. */
- mbedtls_mpi QP; /*!< <code>1 / (Q % P)</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< <code>D % (P - 1)</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< <code>D % (Q - 1)</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< <code>1 / (Q % P)</code>. */
- mbedtls_mpi RN; /*!< cached <code>R^2 mod N</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached <code>R^2 mod N</code>. */
- mbedtls_mpi RP; /*!< cached <code>R^2 mod P</code>. */
- mbedtls_mpi RQ; /*!< cached <code>R^2 mod Q</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached <code>R^2 mod P</code>. */
+ mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached <code>R^2 mod Q</code>. */
- mbedtls_mpi Vi; /*!< The cached blinding value. */
- mbedtls_mpi Vf; /*!< The cached un-blinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The cached blinding value. */
+ mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The cached un-blinding value. */
- int padding; /*!< Selects padding mode:
+ int MBEDTLS_PRIVATE(padding); /*!< Selects padding mode:
#MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
#MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
- int hash_id; /*!< Hash identifier of mbedtls_md_type_t type,
+ int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t type,
as specified in md.h for use in the MGF
mask generating function used in the
EME-OAEP and EMSA-PSS encodings. */
#if defined(MBEDTLS_THREADING_C)
/* Invariant: the mutex is initialized iff ver != 0. */
- mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex. */
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex. */
#endif
}
mbedtls_rsa_context;
@@ -134,33 +131,51 @@
/**
* \brief This function initializes an RSA context.
*
+ * \note This function initializes the padding and the hash
+ * identifier to respectively #MBEDTLS_RSA_PKCS_V15 and
+ * #MBEDTLS_MD_NONE. See mbedtls_rsa_set_padding() for more
+ * information about those parameters.
+ *
+ * \param ctx The RSA context to initialize. This must not be \c NULL.
+ */
+void mbedtls_rsa_init( mbedtls_rsa_context *ctx );
+
+/**
+ * \brief This function sets padding for an already initialized RSA
+ * context.
+ *
* \note Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
* encryption scheme and the RSASSA-PSS signature scheme.
*
* \note The \p hash_id parameter is ignored when using
* #MBEDTLS_RSA_PKCS_V15 padding.
*
- * \note The choice of padding mode is strictly enforced for private key
- * operations, since there might be security concerns in
+ * \note The choice of padding mode is strictly enforced for private
+ * key operations, since there might be security concerns in
* mixing padding modes. For public key operations it is
* a default value, which can be overridden by calling specific
- * \c rsa_rsaes_xxx or \c rsa_rsassa_xxx functions.
+ * \c mbedtls_rsa_rsaes_xxx or \c mbedtls_rsa_rsassa_xxx
+ * functions.
*
* \note The hash selected in \p hash_id is always used for OEAP
* encryption. For PSS signatures, it is always used for
* making signatures, but can be overridden for verifying them.
* If set to #MBEDTLS_MD_NONE, it is always overridden.
*
- * \param ctx The RSA context to initialize. This must not be \c NULL.
+ * \param ctx The initialized RSA context to be configured.
* \param padding The padding mode to use. This must be either
* #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
- * \param hash_id The hash identifier of ::mbedtls_md_type_t type, if
- * \p padding is #MBEDTLS_RSA_PKCS_V21. It is unused
- * otherwise.
+ * \param hash_id The hash identifier for PSS or OAEP, if \p padding is
+ * #MBEDTLS_RSA_PKCS_V21. #MBEDTLS_MD_NONE is accepted by this
+ * function but may be not suitable for some operations.
+ * Ignored if \p padding is #MBEDTLS_RSA_PKCS_V15.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_RSA_INVALID_PADDING failure:
+ * \p padding or \p hash_id is invalid.
*/
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
- int padding,
- int hash_id );
+int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
+ mbedtls_md_type_t hash_id );
/**
* \brief This function imports a set of core parameters into an
@@ -392,18 +407,6 @@
mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP );
/**
- * \brief This function sets padding for an already initialized RSA
- * context. See mbedtls_rsa_init() for details.
- *
- * \param ctx The initialized RSA context to be configured.
- * \param padding The padding mode to use. This must be either
- * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
- * \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier.
- */
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
- int hash_id );
-
-/**
* \brief This function retrieves the length of RSA modulus in Bytes.
*
* \param ctx The initialized RSA context.
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index 56ff948..0975e2d 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -28,6 +28,7 @@
*/
#ifndef MBEDTLS_SHA1_H
#define MBEDTLS_SHA1_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -58,9 +59,9 @@
*/
typedef struct mbedtls_sha1_context
{
- uint32_t total[2]; /*!< The number of Bytes processed. */
- uint32_t state[5]; /*!< The intermediate digest state. */
- unsigned char buffer[64]; /*!< The data block being processed. */
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
+ uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< The intermediate digest state. */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
}
mbedtls_sha1_context;
@@ -123,7 +124,7 @@
* \return A negative error code on failure.
*
*/
-int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
+int mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
/**
* \brief This function feeds an input buffer into an ongoing SHA-1
@@ -142,9 +143,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_sha1_update( mbedtls_sha1_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief This function finishes the SHA-1 operation, and writes
@@ -162,8 +163,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
- unsigned char output[20] );
+int mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
+ unsigned char output[20] );
/**
* \brief SHA-1 process data block (internal use only).
@@ -206,9 +207,9 @@
* \return A negative error code on failure.
*
*/
-int mbedtls_sha1_ret( const unsigned char *input,
- size_t ilen,
- unsigned char output[20] );
+int mbedtls_sha1( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[20] );
#if defined(MBEDTLS_SELF_TEST)
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index 22c2c7d..76bed43 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -24,6 +24,7 @@
*/
#ifndef MBEDTLS_SHA256_H
#define MBEDTLS_SHA256_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -49,14 +50,14 @@
*
* The structure is used both for SHA-256 and for SHA-224
* checksum calculations. The choice between these two is
- * made in the call to mbedtls_sha256_starts_ret().
+ * made in the call to mbedtls_sha256_starts().
*/
typedef struct mbedtls_sha256_context
{
- uint32_t total[2]; /*!< The number of Bytes processed. */
- uint32_t state[8]; /*!< The intermediate digest state. */
- unsigned char buffer[64]; /*!< The data block being processed. */
- int is224; /*!< Determines which function to use:
+ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
+ uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
+ unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */
+ int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use:
0: Use SHA-256, or 1: Use SHA-224. */
}
mbedtls_sha256_context;
@@ -101,7 +102,7 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
+int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
/**
* \brief This function feeds an input buffer into an ongoing
@@ -116,9 +117,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_sha256_update( mbedtls_sha256_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief This function finishes the SHA-256 operation, and writes
@@ -133,8 +134,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
- unsigned char *output );
+int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
+ unsigned char *output );
/**
* \brief This function processes a single data block within
@@ -170,10 +171,10 @@
* \param is224 Determines which function to use. This must be
* either \c 0 for SHA-256, or \c 1 for SHA-224.
*/
-int mbedtls_sha256_ret( const unsigned char *input,
- size_t ilen,
- unsigned char *output,
- int is224 );
+int mbedtls_sha256( const unsigned char *input,
+ size_t ilen,
+ unsigned char *output,
+ int is224 );
#if defined(MBEDTLS_SELF_TEST)
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
index 04222f4..00d8338 100644
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@@ -23,6 +23,7 @@
*/
#ifndef MBEDTLS_SHA512_H
#define MBEDTLS_SHA512_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -48,16 +49,16 @@
*
* The structure is used both for SHA-384 and for SHA-512
* checksum calculations. The choice between these two is
- * made in the call to mbedtls_sha512_starts_ret().
+ * made in the call to mbedtls_sha512_starts().
*/
typedef struct mbedtls_sha512_context
{
- uint64_t total[2]; /*!< The number of Bytes processed. */
- uint64_t state[8]; /*!< The intermediate digest state. */
- unsigned char buffer[128]; /*!< The data block being processed. */
+ uint64_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
+ uint64_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
+ unsigned char MBEDTLS_PRIVATE(buffer)[128]; /*!< The data block being processed. */
#if defined(MBEDTLS_SHA384_C)
- int is384; /*!< Determines which function to use:
- 0: Use SHA-512, or 1: Use SHA-384. */
+ int MBEDTLS_PRIVATE(is384); /*!< Determines which function to use:
+ 0: Use SHA-512, or 1: Use SHA-384. */
#endif
}
mbedtls_sha512_context;
@@ -108,7 +109,7 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 );
+int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 );
/**
* \brief This function feeds an input buffer into an ongoing
@@ -123,9 +124,9 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
- const unsigned char *input,
- size_t ilen );
+int mbedtls_sha512_update( mbedtls_sha512_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief This function finishes the SHA-512 operation, and writes
@@ -140,8 +141,8 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
- unsigned char *output );
+int mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
+ unsigned char *output );
/**
* \brief This function processes a single data block within
@@ -184,10 +185,10 @@
* \return \c 0 on success.
* \return A negative error code on failure.
*/
-int mbedtls_sha512_ret( const unsigned char *input,
- size_t ilen,
- unsigned char *output,
- int is384 );
+int mbedtls_sha512( const unsigned char *input,
+ size_t ilen,
+ unsigned char *output,
+ int is384 );
#if defined(MBEDTLS_SELF_TEST)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index bdc2b47..b2f5c67 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_H
#define MBEDTLS_SSL_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -125,14 +126,10 @@
*/
/* These are the high an low bytes of ProtocolVersion as defined by:
- * - RFC 2246: ProtocolVersion version = { 3, 1 }; // TLS v1.0
- * - RFC 4346: ProtocolVersion version = { 3, 2 }; // TLS v1.1
* - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2
* - RFC 8446: see section 4.2.1
*/
#define MBEDTLS_SSL_MAJOR_VERSION_3 3
-#define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 deprecated */
-#define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 deprecated */
#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 (experimental) */
@@ -204,6 +201,9 @@
#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0
#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1
+#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT 1
+#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0
+
/*
* Default range for DTLS retransmission timer value, in milliseconds.
* RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
@@ -257,12 +257,8 @@
#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
#endif
-#if !defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY)
-#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
-#endif
-
-#if !defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY)
-#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
+#if !defined(MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY)
+#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
#endif
/* \} name SECTION: Module settings */
@@ -905,11 +901,11 @@
typedef struct mbedtls_dtls_srtp_info_t
{
/*! The SRTP profile that was negotiated. */
- mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile;
+ mbedtls_ssl_srtp_profile MBEDTLS_PRIVATE(chosen_dtls_srtp_profile);
/*! The length of mki_value. */
- uint16_t mki_len;
+ uint16_t MBEDTLS_PRIVATE(mki_len);
/*! The mki_value used, with max size of 256 bytes. */
- unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
+ unsigned char MBEDTLS_PRIVATE(mki_value)[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
}
mbedtls_dtls_srtp_info;
@@ -929,43 +925,43 @@
struct mbedtls_ssl_session
{
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t start; /*!< starting time */
+ mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */
#endif
- int ciphersuite; /*!< chosen ciphersuite */
- int compression; /*!< chosen compression */
- size_t id_len; /*!< session id length */
- unsigned char id[32]; /*!< session identifier */
- unsigned char master[48]; /*!< the master secret */
+ int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */
+ int MBEDTLS_PRIVATE(compression); /*!< chosen compression */
+ size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */
+ unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
+ unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
- mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */
#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
/*! The digest of the peer's end-CRT. This must be kept to detect CRT
* changes during renegotiation, mitigating the triple handshake attack. */
- unsigned char *peer_cert_digest;
- size_t peer_cert_digest_len;
- mbedtls_md_type_t peer_cert_digest_type;
+ unsigned char *MBEDTLS_PRIVATE(peer_cert_digest);
+ size_t MBEDTLS_PRIVATE(peer_cert_digest_len);
+ mbedtls_md_type_t MBEDTLS_PRIVATE(peer_cert_digest_type);
#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
- uint32_t verify_result; /*!< verification result */
+ uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
- unsigned char *ticket; /*!< RFC 5077 session ticket */
- size_t ticket_len; /*!< session ticket length */
- uint32_t ticket_lifetime; /*!< ticket lifetime hint */
+ unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */
+ size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length */
+ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */
+ unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- int trunc_hmac; /*!< flag for truncated hmac activation */
+ int MBEDTLS_PRIVATE(trunc_hmac); /*!< flag for truncated hmac activation */
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- int encrypt_then_mac; /*!< flag for EtM activation */
+ int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
#endif
};
@@ -980,117 +976,115 @@
* Pointers
*/
- /** Allowed ciphersuites per version. To access list's elements, please use
- * \c mbedtls_ssl_get_protocol_version_ciphersuites
- */
- const int *ciphersuite_list[3];
+ /** Allowed ciphersuites for (D)TLS 1.2 (0-terminated) */
+ const int *MBEDTLS_PRIVATE(ciphersuite_list);
/** Callback for printing debug output */
- void (*f_dbg)(void *, int, const char *, int, const char *);
- void *p_dbg; /*!< context for the debug function */
+ void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
+ void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */
/** Callback for getting (pseudo-)random numbers */
- int (*f_rng)(void *, unsigned char *, size_t);
- void *p_rng; /*!< context for the RNG function */
+ int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
/** Callback to retrieve a session from the cache */
- mbedtls_ssl_cache_get_t *f_get_cache;
+ mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache);
/** Callback to store a session into the cache */
- mbedtls_ssl_cache_set_t *f_set_cache;
- void *p_cache; /*!< context for cache callbacks */
+ mbedtls_ssl_cache_set_t *MBEDTLS_PRIVATE(f_set_cache);
+ void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
/** Callback for setting cert according to SNI extension */
- int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
- void *p_sni; /*!< context for SNI callback */
+ int (*MBEDTLS_PRIVATE(f_sni))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback */
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
- void *p_vrfy; /*!< context for X.509 verify calllback */
+ int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
+ void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/** Callback to retrieve PSK key from identity */
- int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
- void *p_psk; /*!< context for PSK callback */
+ int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a cookie for ClientHello veirifcation */
- int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
+ int (*MBEDTLS_PRIVATE(f_cookie_write))( void *, unsigned char **, unsigned char *,
const unsigned char *, size_t );
/** Callback to verify validity of a ClientHello cookie */
- int (*f_cookie_check)( void *, const unsigned char *, size_t,
+ int (*MBEDTLS_PRIVATE(f_cookie_check))( void *, const unsigned char *, size_t,
const unsigned char *, size_t );
- void *p_cookie; /*!< context for the cookie callbacks */
+ void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
/** Callback to create & write a session ticket */
- int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
+ int (*MBEDTLS_PRIVATE(f_ticket_write))( void *, const mbedtls_ssl_session *,
unsigned char *, const unsigned char *, size_t *, uint32_t * );
/** Callback to parse a session ticket into a session structure */
- int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
- void *p_ticket; /*!< context for the ticket callbacks */
+ int (*MBEDTLS_PRIVATE(f_ticket_parse))( void *, mbedtls_ssl_session *, unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
/** Callback to export key block and master secret */
- int (*f_export_keys)( void *, const unsigned char *,
+ int (*MBEDTLS_PRIVATE(f_export_keys))( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t );
/** Callback to export key block, master secret,
* tls_prf and random bytes. Should replace f_export_keys */
- int (*f_export_keys_ext)( void *, const unsigned char *,
+ int (*MBEDTLS_PRIVATE(f_export_keys_ext))( void *, const unsigned char *,
const unsigned char *, size_t, size_t, size_t,
const unsigned char[32], const unsigned char[32],
mbedtls_tls_prf_types );
- void *p_export_keys; /*!< context for key export callback */
+ void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- size_t cid_len; /*!< The length of CIDs for incoming DTLS records. */
+ size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
- mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */
- mbedtls_x509_crt *ca_chain; /*!< trusted CAs */
- mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */
+ const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!< verification profile */
+ mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key pair(s) */
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */
+ mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
- mbedtls_x509_crt_ca_cb_t f_ca_cb;
- void *p_ca_cb;
+ mbedtls_x509_crt_ca_cb_t MBEDTLS_PRIVATE(f_ca_cb);
+ void *MBEDTLS_PRIVATE(p_ca_cb);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- mbedtls_ssl_async_sign_t *f_async_sign_start; /*!< start asynchronous signature operation */
- mbedtls_ssl_async_decrypt_t *f_async_decrypt_start; /*!< start asynchronous decryption operation */
+ mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */
+ mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
- mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */
- mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */
- void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
+ mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */
+ mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */
+ void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- const int *sig_hashes; /*!< allowed signature hashes */
+ const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
#endif
#if defined(MBEDTLS_ECP_C)
- const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */
+ const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
#endif
#if defined(MBEDTLS_DHM_C)
- mbedtls_mpi dhm_P; /*!< prime modulus for DHM */
- mbedtls_mpi dhm_G; /*!< generator for DHM */
+ mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
+ mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_key_id_t psk_opaque; /*!< PSA key slot holding opaque PSK. This field
+ psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
* should only be set via
* mbedtls_ssl_conf_psk_opaque().
* If either no PSK or a raw PSK have been
@@ -1098,22 +1092,22 @@
*/
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- unsigned char *psk; /*!< The raw pre-shared key. This field should
+ unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should
* only be set via mbedtls_ssl_conf_psk().
* If either no PSK or an opaque PSK
* have been configured, this has value NULL. */
- size_t psk_len; /*!< The length of the raw pre-shared key.
+ size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* Its value is non-zero if and only if
* \c psk is not \c NULL. */
- unsigned char *psk_identity; /*!< The PSK identity for PSK negotiation.
+ unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK negotiation.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* This is set if and only if either
* \c psk or \c psk_opaque are set. */
- size_t psk_identity_len;/*!< The length of PSK identity.
+ size_t MBEDTLS_PRIVATE(psk_identity_len);/*!< The length of PSK identity.
* This field should only be set via
* mbedtls_ssl_conf_psk().
* Its value is non-zero if and only if
@@ -1122,269 +1116,267 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_ALPN)
- const char **alpn_list; /*!< ordered list of protocols */
+ const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*! ordered list of supported srtp profile */
- const mbedtls_ssl_srtp_profile *dtls_srtp_profile_list;
+ const mbedtls_ssl_srtp_profile *MBEDTLS_PRIVATE(dtls_srtp_profile_list);
/*! number of supported profiles */
- size_t dtls_srtp_profile_list_len;
+ size_t MBEDTLS_PRIVATE(dtls_srtp_profile_list_len);
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/*
* Numerical settings (int then char)
*/
- uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */
+ uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read (ms) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint32_t hs_timeout_min; /*!< initial value of the handshake
+ uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the handshake
retransmission timeout (ms) */
- uint32_t hs_timeout_max; /*!< maximum value of the handshake
+ uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the handshake
retransmission timeout (ms) */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int renego_max_records; /*!< grace period for renegotiation */
- unsigned char renego_period[8]; /*!< value of the record counters
+ int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation */
+ unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record counters
that triggers renegotiation */
#endif
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
- unsigned int badmac_limit; /*!< limit of records with a bad MAC */
-#endif
+ unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
- unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */
+ unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */
#endif
- unsigned char max_major_ver; /*!< max. major version used */
- unsigned char max_minor_ver; /*!< max. minor version used */
- unsigned char min_major_ver; /*!< min. major version used */
- unsigned char min_minor_ver; /*!< min. minor version used */
+ unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */
+ unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */
+ unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */
+ unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */
/*
* Flags (bitfields)
*/
- unsigned int endpoint : 1; /*!< 0: client, 1: server */
- unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */
- unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
+ unsigned int MBEDTLS_PRIVATE(endpoint) : 1; /*!< 0: client, 1: server */
+ unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram (DTLS) */
+ unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
- unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */
+ unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2 ; /*!< MBEDTLS_LEGACY_XXX */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- unsigned int mfl_code : 3; /*!< desired fragment length */
+ unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac? */
+ unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1 ; /*!< negotiate encrypt-then-mac? */
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- unsigned int extended_ms : 1; /*!< negotiate extended master secret? */
+ unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended master secret? */
#endif
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- unsigned int anti_replay : 1; /*!< detect and prevent replay? */
+ unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent replay? */
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- unsigned int disable_renegotiation : 1; /*!< disable renegotiation? */
+ unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- unsigned int trunc_hmac : 1; /*!< negotiate truncated hmac? */
+ unsigned int MBEDTLS_PRIVATE(trunc_hmac) : 1; /*!< negotiate truncated hmac? */
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- unsigned int session_tickets : 1; /*!< use session tickets? */
+ unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */
#endif
#if defined(MBEDTLS_SSL_SRV_C)
- unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in
+ unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in
Certificate Request messages? */
+ unsigned int respect_cli_pref : 1; /*!< pick the ciphersuite according to
+ the client's preferences rather
+ than ours */
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS
+ unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines whether DTLS
* record with unexpected CID
* should lead to failure. */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- unsigned int dtls_srtp_mki_support : 1; /* support having mki_value
+ unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having mki_value
in the use_srtp extension */
#endif
};
struct mbedtls_ssl_context
{
- const mbedtls_ssl_config *conf; /*!< configuration information */
+ const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information */
/*
* Miscellaneous
*/
- int state; /*!< SSL handshake: current state */
+ int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- int renego_status; /*!< Initial, in progress, pending? */
- int renego_records_seen; /*!< Records since renego request, or with DTLS,
+ int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */
+ int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request, or with DTLS,
number of retransmissions of request if
renego_max_records is < 0 */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
- int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
- int minor_ver; /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
-
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
- unsigned badmac_seen; /*!< records with a bad MAC received */
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
+ int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */
+ int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
+ unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/** Callback to customize X.509 certificate chain verification */
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
- void *p_vrfy; /*!< context for X.509 verify callback */
+ int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
+ void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */
#endif
- mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
- mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
- mbedtls_ssl_recv_timeout_t *f_recv_timeout;
+ mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send */
+ mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network receive */
+ mbedtls_ssl_recv_timeout_t *MBEDTLS_PRIVATE(f_recv_timeout);
/*!< Callback for network receive with timeout */
- void *p_bio; /*!< context for I/O operations */
+ void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations */
/*
* Session layer
*/
- mbedtls_ssl_session *session_in; /*!< current session data (in) */
- mbedtls_ssl_session *session_out; /*!< current session data (out) */
- mbedtls_ssl_session *session; /*!< negotiated session data */
- mbedtls_ssl_session *session_negotiate; /*!< session data in negotiation */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!< current session data (in) */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!< current session data (out) */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data */
+ mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!< session data in negotiation */
- mbedtls_ssl_handshake_params *handshake; /*!< params required only during
+ mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params required only during
the handshake process */
/*
* Record layer transformations
*/
- mbedtls_ssl_transform *transform_in; /*!< current transform params (in) */
- mbedtls_ssl_transform *transform_out; /*!< current transform params (in) */
- mbedtls_ssl_transform *transform; /*!< negotiated transform params */
- mbedtls_ssl_transform *transform_negotiate; /*!< transform params in negotiation */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated transform params */
+ mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */
/*
* Timers
*/
- void *p_timer; /*!< context for the timer callbacks */
+ void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */
- mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */
- mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */
+ mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer callback */
+ mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer callback */
/*
* Record layer (incoming data)
*/
- unsigned char *in_buf; /*!< input buffer */
- unsigned char *in_ctr; /*!< 64-bit incoming message counter
+ unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */
+ unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter
TLS: maintained by us
DTLS: read from peer */
- unsigned char *in_hdr; /*!< start of record header */
+ unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char *in_cid; /*!< The start of the CID;
+ unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID;
* (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- unsigned char *in_len; /*!< two-bytes message length field */
- unsigned char *in_iv; /*!< ivlen-byte IV */
- unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */
- unsigned char *in_offt; /*!< read offset in application data */
+ unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field */
+ unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */
+ unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen) */
+ unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application data */
- int in_msgtype; /*!< record header: message type */
- size_t in_msglen; /*!< record header: message length */
- size_t in_left; /*!< amount of data read so far */
+ int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type */
+ size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length */
+ size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t in_buf_len; /*!< length of input buffer */
+ size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer */
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t in_epoch; /*!< DTLS epoch for incoming records */
- size_t next_record_offset; /*!< offset of the next record in datagram
+ uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records */
+ size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record in datagram
(equal to in_left if none) */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
- uint64_t in_window_top; /*!< last validated record seq_num */
- uint64_t in_window; /*!< bitmask for replay detection */
+ uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num */
+ uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
- size_t in_hslen; /*!< current handshake message length,
+ size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length,
including the handshake header */
- int nb_zero; /*!< # of 0-length encrypted messages */
+ int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */
- int keep_current_message; /*!< drop or reuse current message
+ int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message
on next call to record layer? */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint8_t disable_datagram_packing; /*!< Disable packing multiple records
+ uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records
* within a single datagram. */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
* Record layer (outgoing data)
*/
- unsigned char *out_buf; /*!< output buffer */
- unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
- unsigned char *out_hdr; /*!< start of record header */
+ unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */
+ unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message counter */
+ unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- unsigned char *out_cid; /*!< The start of the CID;
+ unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID;
* (the end is marked by in_len). */
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
- unsigned char *out_len; /*!< two-bytes message length field */
- unsigned char *out_iv; /*!< ivlen-byte IV */
- unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */
+ unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field */
+ unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */
+ unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents (out_iv+ivlen) */
- int out_msgtype; /*!< record header: message type */
- size_t out_msglen; /*!< record header: message length */
- size_t out_left; /*!< amount of data not yet written */
+ int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type */
+ size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length */
+ size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written */
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
- size_t out_buf_len; /*!< length of output buffer */
+ size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */
#endif
- unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */
+ unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!< Outgoing record sequence number. */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */
+ uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
* PKI layer
*/
- int client_auth; /*!< flag for client auth. */
+ int MBEDTLS_PRIVATE(client_auth); /*!< flag for client auth. */
/*
* User settings
*/
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- char *hostname; /*!< expected peer CN for verification
+ char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification
(and SNI if available) */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ALPN)
- const char *alpn_chosen; /*!< negotiated protocol */
+ const char *MBEDTLS_PRIVATE(alpn_chosen); /*!< negotiated protocol */
#endif /* MBEDTLS_SSL_ALPN */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*
* use_srtp extension
*/
- mbedtls_dtls_srtp_info dtls_srtp_info;
+ mbedtls_dtls_srtp_info MBEDTLS_PRIVATE(dtls_srtp_info);
#endif /* MBEDTLS_SSL_DTLS_SRTP */
/*
* Information for DTLS hello verify
*/
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
- unsigned char *cli_id; /*!< transport-level ID of the client */
- size_t cli_id_len; /*!< length of cli_id */
+ unsigned char *MBEDTLS_PRIVATE(cli_id); /*!< transport-level ID of the client */
+ size_t MBEDTLS_PRIVATE(cli_id_len); /*!< length of cli_id */
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
/*
* Secure renegotiation
*/
/* needed to know when to send extension on server */
- int secure_renegotiation; /*!< does peer support legacy or
+ int MBEDTLS_PRIVATE(secure_renegotiation); /*!< does peer support legacy or
secure renegotiation */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- size_t verify_data_len; /*!< length of verify data stored */
- char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
- char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
+ size_t MBEDTLS_PRIVATE(verify_data_len); /*!< length of verify data stored */
+ char MBEDTLS_PRIVATE(own_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
+ char MBEDTLS_PRIVATE(peer_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -1394,9 +1386,9 @@
* all subsequent handshakes. This may be different from the
* CID currently used in case the user has re-configured the CID
* after an initial handshake. */
- unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
- uint8_t own_cid_len; /*!< The length of \c own_cid. */
- uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
+ unsigned char MBEDTLS_PRIVATE(own_cid)[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
+ uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. */
+ uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID extension should
* be negotiated in the next handshake or not.
* Possible values are #MBEDTLS_SSL_CID_ENABLED
* and #MBEDTLS_SSL_CID_DISABLED. */
@@ -2261,7 +2253,6 @@
void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
/**
* \brief Set a limit on the number of records with a bad MAC
* before terminating the connection.
@@ -2286,7 +2277,6 @@
* many bogus packets.
*/
void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -2509,9 +2499,12 @@
* The ciphersuites array is not copied, and must remain
* valid for the lifetime of the ssl_config.
*
- * Note: The server uses its own preferences
- * over the preference of the client unless
- * MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
+ * Note: By default, the server chooses its preferred
+ * ciphersuite among those that the client supports. If
+ * mbedtls_ssl_conf_preference_order() is called to prefer
+ * the client's preferences, the server instead chooses
+ * the client's preferred ciphersuite among those that
+ * the server supports.
*
* \param conf SSL configuration
* \param ciphersuites 0-terminated list of allowed ciphersuites
@@ -2519,17 +2512,6 @@
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites );
-/**
- * \brief Get ciphersuite for given protocol's minor version.
- *
- * \param conf The SSL configuration.
- * \param prot_version Protocol version. One of MBEDTLS_SSL_MINOR_VERSION_x macros.
- * \return Ciphersuites pointer if successful.
- * \return \c NULL if no ciphersuites where found.
- */
-const int *mbedtls_ssl_get_protocol_version_ciphersuites(
- const mbedtls_ssl_config *conf, int prot_version );
-
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1
@@ -2569,27 +2551,6 @@
int ignore_other_cids );
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-/**
- * \brief Set the list of allowed ciphersuites and the
- * preference order for a specific version of the protocol.
- * (Only useful on the server side)
- *
- * The ciphersuites array is not copied, and must remain
- * valid for the lifetime of the ssl_config.
- *
- * \param conf SSL configuration
- * \param ciphersuites 0-terminated list of allowed ciphersuites
- * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3
- * supported)
- * \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3
- * supported)
- *
- * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
- */
-void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
- const int *ciphersuites,
- int major, int minor );
-
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* \brief Set the X.509 security profile used for verification
@@ -2719,8 +2680,14 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
/**
- * \brief Configure a pre-shared key (PSK) and identity
- * to be used in PSK-based ciphersuites.
+ * \brief Configure pre-shared keys (PSKs) and their
+ * identities to be used in PSK-based ciphersuites.
+ *
+ * Only one PSK can be registered, through either
+ * mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque().
+ * If you attempt to register more than one PSK, this function
+ * fails, though this may change in future versions, which
+ * may add support for multiple PSKs.
*
* \note This is mainly useful for clients. Servers will usually
* want to use \c mbedtls_ssl_conf_psk_cb() instead.
@@ -2728,13 +2695,6 @@
* \note A PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
* takes precedence over a PSK configured by this function.
*
- * \warning Currently, clients can only register a single pre-shared key.
- * Calling this function or mbedtls_ssl_conf_psk_opaque() more
- * than once will overwrite values configured in previous calls.
- * Support for setting multiple PSKs on clients and selecting
- * one based on the identity hint is not a planned feature,
- * but feedback is welcomed.
- *
* \param conf The SSL configuration to register the PSK with.
* \param psk The pointer to the pre-shared key to use.
* \param psk_len The length of the pre-shared key in bytes.
@@ -2747,7 +2707,9 @@
* of the SSL configuration.
*
* \return \c 0 if successful.
- * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
+ * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs
+ * can be configured. In this case, the old PSK(s) remain intact.
+ * \return Another negative error code on other kinds of failure.
*/
int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
const unsigned char *psk, size_t psk_len,
@@ -2755,8 +2717,14 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
- * \brief Configure an opaque pre-shared key (PSK) and identity
- * to be used in PSK-based ciphersuites.
+ * \brief Configure one or more opaque pre-shared keys (PSKs) and
+ * their identities to be used in PSK-based ciphersuites.
+ *
+ * Only one PSK can be registered, through either
+ * mbedtls_ssl_conf_psk() or mbedtls_ssl_conf_psk_opaque().
+ * If you attempt to register more than one PSK, this function
+ * fails, though this may change in future versions, which
+ * may add support for multiple PSKs.
*
* \note This is mainly useful for clients. Servers will usually
* want to use \c mbedtls_ssl_conf_psk_cb() instead.
@@ -2765,13 +2733,6 @@
* the PSK callback takes precedence over an opaque PSK
* configured by this function.
*
- * \warning Currently, clients can only register a single pre-shared key.
- * Calling this function or mbedtls_ssl_conf_psk() more than
- * once will overwrite values configured in previous calls.
- * Support for setting multiple PSKs on clients and selecting
- * one based on the identity hint is not a planned feature,
- * but feedback is welcomed.
- *
* \param conf The SSL configuration to register the PSK with.
* \param psk The identifier of the key slot holding the PSK.
* Until \p conf is destroyed or this function is successfully
@@ -2788,7 +2749,9 @@
* SSL configuration.
*
* \return \c 0 if successful.
- * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure.
+ * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no more PSKs
+ * can be configured. In this case, the old PSK(s) remain intact.
+ * \return Another negative error code on other kinds of failure.
*/
int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
psa_key_id_t psk,
@@ -3238,8 +3201,7 @@
*
* \param conf SSL configuration
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
- * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
- * MBEDTLS_SSL_MINOR_VERSION_3 supported)
+ * \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 supported)
*/
void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
@@ -3254,9 +3216,7 @@
*
* \param conf SSL configuration
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
- * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_1,
- * MBEDTLS_SSL_MINOR_VERSION_2,
- * MBEDTLS_SSL_MINOR_VERSION_3 supported)
+ * \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 supported)
*/
void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
@@ -3342,6 +3302,19 @@
int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief Pick the ciphersuites order according to the second parameter
+ * in the SSL Server module (MBEDTLS_SSL_SRV_C).
+ * (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER)
+ *
+ * \param conf SSL configuration
+ * \param order Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER
+ * or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
+ */
+void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order );
+#endif /* MBEDTLS_SSL_SRV_C */
+
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
/**
* \brief Activate negotiation of truncated HMAC
@@ -3586,45 +3559,15 @@
*/
int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-/**
- * \brief Return the maximum fragment length (payload, in bytes) for
- * the output buffer. For the client, this is the configured
- * value. For the server, it is the minimum of two - the
- * configured value and the negotiated one.
- *
- * \sa mbedtls_ssl_conf_max_frag_len()
- * \sa mbedtls_ssl_get_max_record_payload()
- *
- * \param ssl SSL context
- *
- * \return Current maximum fragment length for the output buffer.
- */
-size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief Return the maximum fragment length (payload, in bytes) for
- * the input buffer. This is the negotiated maximum fragment
- * length, or, if there is none, MBEDTLS_SSL_IN_CONTENT_LEN.
- * If it is not defined either, the value is 2^14. This function
- * works as its predecessor, \c mbedtls_ssl_get_max_frag_len().
- *
- * \sa mbedtls_ssl_conf_max_frag_len()
- * \sa mbedtls_ssl_get_max_record_payload()
- *
- * \param ssl SSL context
- *
- * \return Current maximum fragment length for the output buffer.
- */
-size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
/**
* \brief Return the current maximum outgoing record payload in bytes.
- * This takes into account the config.h setting \c
- * MBEDTLS_SSL_OUT_CONTENT_LEN, the configured and negotiated
- * max fragment length extension if used, and for DTLS the
- * path MTU as configured and current record expansion.
+ *
+ * \note The logic to determine the maximum outgoing record payload is
+ * version-specific. It takes into account various factors, such as
+ * the config.h setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions
+ * such as the max fragment length or record size limit extension if
+ * used, and for DTLS the path MTU as configured and current
+ * record expansion.
*
* \note With DTLS, \c mbedtls_ssl_write() will return an error if
* called with a larger length value.
@@ -3633,9 +3576,7 @@
* to the caller to call \c mbedtls_ssl_write() again in
* order to send the remaining bytes if any.
*
- * \sa mbedtls_ssl_set_mtu()
- * \sa mbedtls_ssl_get_output_max_frag_len()
- * \sa mbedtls_ssl_get_input_max_frag_len()
+ * \sa mbedtls_ssl_get_max_out_record_payload()
* \sa mbedtls_ssl_get_record_expansion()
*
* \param ssl SSL context
@@ -3645,6 +3586,26 @@
*/
int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl );
+/**
+ * \brief Return the current maximum incoming record payload in bytes.
+ *
+ * \note The logic to determine the maximum outgoing record payload is
+ * version-specific. It takes into account various factors, such as
+ * the config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions
+ * such as the max fragment length extension or record size limit
+ * extension if used, and the current record expansion.
+ *
+ * \sa mbedtls_ssl_set_mtu()
+ * \sa mbedtls_ssl_get_max_in_record_payload()
+ * \sa mbedtls_ssl_get_record_expansion()
+ *
+ * \param ssl SSL context
+ *
+ * \return Current maximum payload for an outgoing record,
+ * or a negative error code.
+ */
+int mbedtls_ssl_get_max_in_record_payload( const mbedtls_ssl_context *ssl );
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* \brief Return the peer certificate from the current connection.
@@ -3943,7 +3904,7 @@
* or negotiated with the peer), then:
* - with TLS, less bytes than requested are written.
* - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
- * \c mbedtls_ssl_get_output_max_frag_len() may be used to
+ * \c mbedtls_ssl_get_max_out_record_payload() may be used to
* query the active maximum fragment length.
*
* \note Attempting to write 0 bytes will result in an empty TLS
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index ac7b77c..d995f8f 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_CACHE_H
#define MBEDTLS_SSL_CACHE_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -65,16 +66,16 @@
struct mbedtls_ssl_cache_entry
{
#if defined(MBEDTLS_HAVE_TIME)
- mbedtls_time_t timestamp; /*!< entry timestamp */
+ mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */
#endif
- unsigned char session_id[32]; /*!< session ID */
- size_t session_id_len;
+ unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */
+ size_t MBEDTLS_PRIVATE(session_id_len);
- unsigned char *session; /*!< serialized session */
- size_t session_len;
+ unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */
+ size_t MBEDTLS_PRIVATE(session_len);
- mbedtls_ssl_cache_entry *next; /*!< chain pointer */
+ mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */
};
/**
@@ -82,11 +83,11 @@
*/
struct mbedtls_ssl_cache_context
{
- mbedtls_ssl_cache_entry *chain; /*!< start of the chain */
- int timeout; /*!< cache entry timeout */
- int max_entries; /*!< maximum entries */
+ mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */
+ int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */
+ int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */
#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex; /*!< mutex */
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
#endif
};
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 3eacfb5..e343c9c 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_CIPHERSUITES_H
#define MBEDTLS_SSL_CIPHERSUITES_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -42,10 +43,6 @@
#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
-
-#define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
-
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */
#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D /**< Weak! */
#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA 0x2E /**< Weak! */
@@ -68,15 +65,12 @@
#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x84
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
-#define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA 0x8B
#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
-#define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x8F
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
-#define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x93
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
@@ -114,22 +108,18 @@
#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 0xC00D
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
@@ -151,7 +141,6 @@
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */
#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0xC034
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036
#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
@@ -374,19 +363,19 @@
*/
struct mbedtls_ssl_ciphersuite_t
{
- int id;
- const char * name;
+ int MBEDTLS_PRIVATE(id);
+ const char * MBEDTLS_PRIVATE(name);
- mbedtls_cipher_type_t cipher;
- mbedtls_md_type_t mac;
- mbedtls_key_exchange_type_t key_exchange;
+ mbedtls_cipher_type_t MBEDTLS_PRIVATE(cipher);
+ mbedtls_md_type_t MBEDTLS_PRIVATE(mac);
+ mbedtls_key_exchange_type_t MBEDTLS_PRIVATE(key_exchange);
- int min_major_ver;
- int min_minor_ver;
- int max_major_ver;
- int max_minor_ver;
+ int MBEDTLS_PRIVATE(min_major_ver);
+ int MBEDTLS_PRIVATE(min_minor_ver);
+ int MBEDTLS_PRIVATE(max_major_ver);
+ int MBEDTLS_PRIVATE(max_minor_ver);
- unsigned char flags;
+ unsigned char MBEDTLS_PRIVATE(flags);
};
const int *mbedtls_ssl_list_ciphersuites( void );
@@ -405,7 +394,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
@@ -424,7 +413,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@@ -442,7 +431,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
@@ -456,7 +445,7 @@
static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
@@ -473,7 +462,7 @@
static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
@@ -492,7 +481,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
@@ -507,7 +496,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
@@ -523,7 +512,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
{
- switch( info->key_exchange )
+ switch( info->MBEDTLS_PRIVATE(key_exchange) )
{
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index 0a23870..c4f042c 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_COOKIE_H
#define MBEDTLS_SSL_COOKIE_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -56,15 +57,15 @@
*/
typedef struct mbedtls_ssl_cookie_ctx
{
- mbedtls_md_context_t hmac_ctx; /*!< context for the HMAC portion */
+ mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */
#if !defined(MBEDTLS_HAVE_TIME)
- unsigned long serial; /*!< serial number for expiration */
+ unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */
#endif
- unsigned long timeout; /*!< timeout delay, in seconds if HAVE_TIME,
+ unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME,
or in number of tickets issued */
#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex;
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
} mbedtls_ssl_cookie_ctx;
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index a882eed..871eec3 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_SSL_TICKET_H
#define MBEDTLS_SSL_TICKET_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -50,9 +51,9 @@
*/
typedef struct mbedtls_ssl_ticket_key
{
- unsigned char name[4]; /*!< random key identifier */
- uint32_t generation_time; /*!< key generation timestamp (seconds) */
- mbedtls_cipher_context_t ctx; /*!< context for auth enc/decryption */
+ unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */
+ uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */
}
mbedtls_ssl_ticket_key;
@@ -61,17 +62,17 @@
*/
typedef struct mbedtls_ssl_ticket_context
{
- mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */
- unsigned char active; /*!< index of the currently active key */
+ mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
+ unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */
- uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */
+ uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */
/** Callback for getting (pseudo-)random numbers */
- int (*f_rng)(void *, unsigned char *, size_t);
- void *p_rng; /*!< context for the RNG function */
+ int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
+ void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */
#if defined(MBEDTLS_THREADING_C)
- mbedtls_threading_mutex_t mutex;
+ mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
#endif
}
mbedtls_ssl_ticket_context;
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 1047f8f..fae96c2 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_THREADING_H
#define MBEDTLS_THREADING_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -41,11 +42,11 @@
#include <pthread.h>
typedef struct mbedtls_threading_mutex_t
{
- pthread_mutex_t mutex;
+ pthread_mutex_t MBEDTLS_PRIVATE(mutex);
/* is_valid is 0 after a failed init or a free, and nonzero after a
* successful init. This field is not considered part of the public
* API of Mbed TLS and may change without notice. */
- char is_valid;
+ char MBEDTLS_PRIVATE(is_valid);
} mbedtls_threading_mutex_t;
#endif
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index b7290cf..7669bb9 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_TIMING_H
#define MBEDTLS_TIMING_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -43,7 +44,7 @@
*/
struct mbedtls_timing_hr_time
{
- unsigned char opaque[32];
+ unsigned char MBEDTLS_PRIVATE(opaque)[32];
};
/**
@@ -51,9 +52,9 @@
*/
typedef struct mbedtls_timing_delay_context
{
- struct mbedtls_timing_hr_time timer;
- uint32_t int_ms;
- uint32_t fin_ms;
+ struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer);
+ uint32_t MBEDTLS_PRIVATE(int_ms);
+ uint32_t MBEDTLS_PRIVATE(fin_ms);
} mbedtls_timing_delay_context;
#else /* MBEDTLS_TIMING_ALT */
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 3091de1..b7a969a 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_X509_H
#define MBEDTLS_X509_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -229,8 +230,8 @@
/** Container for date and time (precision in seconds). */
typedef struct mbedtls_x509_time
{
- int year, mon, day; /**< Date. */
- int hour, min, sec; /**< Time. */
+ int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon), MBEDTLS_PRIVATE(day); /**< Date. */
+ int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min), MBEDTLS_PRIVATE(sec); /**< Time. */
}
mbedtls_x509_time;
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index fcaa149..440da12 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_X509_CRL_H
#define MBEDTLS_X509_CRL_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -49,15 +50,15 @@
*/
typedef struct mbedtls_x509_crl_entry
{
- mbedtls_x509_buf raw;
+ mbedtls_x509_buf MBEDTLS_PRIVATE(raw);
- mbedtls_x509_buf serial;
+ mbedtls_x509_buf MBEDTLS_PRIVATE(serial);
- mbedtls_x509_time revocation_date;
+ mbedtls_x509_time MBEDTLS_PRIVATE(revocation_date);
- mbedtls_x509_buf entry_ext;
+ mbedtls_x509_buf MBEDTLS_PRIVATE(entry_ext);
- struct mbedtls_x509_crl_entry *next;
+ struct mbedtls_x509_crl_entry *MBEDTLS_PRIVATE(next);
}
mbedtls_x509_crl_entry;
@@ -67,30 +68,30 @@
*/
typedef struct mbedtls_x509_crl
{
- mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
- mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
- int version; /**< CRL version (1=v1, 2=v2) */
- mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
+ int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type identifier */
- mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). */
- mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
+ mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
- mbedtls_x509_time this_update;
- mbedtls_x509_time next_update;
+ mbedtls_x509_time MBEDTLS_PRIVATE(this_update);
+ mbedtls_x509_time MBEDTLS_PRIVATE(next_update);
- mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
+ mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries containing the certificate revocation times for this CA. */
- mbedtls_x509_buf crl_ext;
+ mbedtls_x509_buf MBEDTLS_PRIVATE(crl_ext);
- mbedtls_x509_buf sig_oid2;
- mbedtls_x509_buf sig;
- mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2);
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
+ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
- struct mbedtls_x509_crl *next;
+ struct mbedtls_x509_crl *MBEDTLS_PRIVATE(next);
}
mbedtls_x509_crl;
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 23a20d1..d383168 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_X509_CRT_H
#define MBEDTLS_X509_CRT_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -51,50 +52,50 @@
*/
typedef struct mbedtls_x509_crt
{
- int own_buffer; /**< Indicates if \c raw is owned
+ int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned
* by the structure or not. */
- mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
- mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
- int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
- mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
- mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */
+ int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate issued by a specific CA. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g. sha1RSA */
- mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
- mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). Used for quick comparison. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). Used for quick comparison. */
- mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
- mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
+ mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
+ mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
- mbedtls_x509_time valid_from; /**< Start time of certificate validity. */
- mbedtls_x509_time valid_to; /**< End time of certificate validity. */
+ mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of certificate validity. */
+ mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate validity. */
- mbedtls_x509_buf pk_raw;
- mbedtls_pk_context pk; /**< Container for the public key context. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(pk_raw);
+ mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
- mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
- mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
- mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
- mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3 issuer unique identifier. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3 subject unique identifier. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions. */
+ mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
- mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
+ mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
- int ext_types; /**< Bit string containing detected and parsed extensions */
- int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
- int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
+ int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */
+ int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
+ int MBEDTLS_PRIVATE(max_pathlen); /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
- unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */
+ unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */
- mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
+ mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of extended key usage OIDs. */
- unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
+ unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */
- mbedtls_x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
- mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */
+ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
- struct mbedtls_x509_crt *next; /**< Next certificate in the CA-chain. */
+ struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the CA-chain. */
}
mbedtls_x509_crt;
@@ -111,7 +112,7 @@
* To check the value of the type id, you should use
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
*/
- mbedtls_x509_buf type_id; /**< The type id. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */
union
{
/**
@@ -122,12 +123,12 @@
*/
struct
{
- mbedtls_x509_buf oid; /**< The object identifier. */
- mbedtls_x509_buf val; /**< The named value. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */
}
- hardware_module_name;
+ MBEDTLS_PRIVATE(hardware_module_name);
}
- value;
+ MBEDTLS_PRIVATE(value);
}
mbedtls_x509_san_other_name;
@@ -136,12 +137,12 @@
*/
typedef struct mbedtls_x509_subject_alternative_name
{
- int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
+ int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
union {
- mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
- mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */
+ mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The otherName supported type. */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for the un constructed types. Only dnsName currently supported */
}
- san; /**< A union of the supported SAN types */
+ MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */
}
mbedtls_x509_subject_alternative_name;
@@ -158,10 +159,10 @@
*/
typedef struct mbedtls_x509_crt_profile
{
- uint32_t allowed_mds; /**< MDs for signatures */
- uint32_t allowed_pks; /**< PK algs for signatures */
- uint32_t allowed_curves; /**< Elliptic curves for ECDSA */
- uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */
+ uint32_t MBEDTLS_PRIVATE(allowed_mds); /**< MDs for signatures */
+ uint32_t MBEDTLS_PRIVATE(allowed_pks); /**< PK algs for signatures */
+ uint32_t MBEDTLS_PRIVATE(allowed_curves); /**< Elliptic curves for ECDSA */
+ uint32_t MBEDTLS_PRIVATE(rsa_min_bitlen); /**< Minimum size for RSA keys */
}
mbedtls_x509_crt_profile;
@@ -249,16 +250,16 @@
*/
typedef struct mbedtls_x509write_cert
{
- int version;
- mbedtls_mpi serial;
- mbedtls_pk_context *subject_key;
- mbedtls_pk_context *issuer_key;
- mbedtls_asn1_named_data *subject;
- mbedtls_asn1_named_data *issuer;
- mbedtls_md_type_t md_alg;
- char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
- char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
- mbedtls_asn1_named_data *extensions;
+ int MBEDTLS_PRIVATE(version);
+ mbedtls_mpi MBEDTLS_PRIVATE(serial);
+ mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key);
+ mbedtls_pk_context *MBEDTLS_PRIVATE(issuer_key);
+ mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
+ mbedtls_asn1_named_data *MBEDTLS_PRIVATE(issuer);
+ mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
+ char MBEDTLS_PRIVATE(not_before)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
+ char MBEDTLS_PRIVATE(not_after)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
+ mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
}
mbedtls_x509write_cert;
@@ -266,8 +267,8 @@
* Item in a verification chain: cert and flags for it
*/
typedef struct {
- mbedtls_x509_crt *crt;
- uint32_t flags;
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(crt);
+ uint32_t MBEDTLS_PRIVATE(flags);
} mbedtls_x509_crt_verify_chain_item;
/**
@@ -280,15 +281,15 @@
*/
typedef struct
{
- mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
- unsigned len;
+ mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
+ unsigned MBEDTLS_PRIVATE(len);
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/* This stores the list of potential trusted signers obtained from
* the CA callback used for the CRT verification, if configured.
* We must track it somewhere because the callback passes its
* ownership to the caller. */
- mbedtls_x509_crt *trust_ca_cb_result;
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(trust_ca_cb_result);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
} mbedtls_x509_crt_verify_chain;
@@ -300,23 +301,23 @@
typedef struct
{
/* for check_signature() */
- mbedtls_pk_restart_ctx pk;
+ mbedtls_pk_restart_ctx MBEDTLS_PRIVATE(pk);
/* for find_parent_in() */
- mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */
- mbedtls_x509_crt *fallback_parent;
- int fallback_signature_is_good;
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */
+ mbedtls_x509_crt *MBEDTLS_PRIVATE(fallback_parent);
+ int MBEDTLS_PRIVATE(fallback_signature_is_good);
/* for find_parent() */
- int parent_is_trusted; /* -1 if find_parent is not in progress */
+ int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */
/* for verify_chain() */
enum {
x509_crt_rs_none,
x509_crt_rs_find_parent,
- } in_progress; /* none if no operation is in progress */
- int self_cnt;
- mbedtls_x509_crt_verify_chain ver_chain;
+ } MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */
+ int MBEDTLS_PRIVATE(self_cnt);
+ mbedtls_x509_crt_verify_chain MBEDTLS_PRIVATE(ver_chain);
} mbedtls_x509_crt_restart_ctx;
@@ -827,7 +828,6 @@
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
/**
* \brief Check usage of certificate against keyUsage extension.
*
@@ -851,9 +851,7 @@
*/
int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
unsigned int usage );
-#endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */
-#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
/**
* \brief Check usage of certificate against extendedKeyUsage.
*
@@ -870,7 +868,6 @@
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
const char *usage_oid,
size_t usage_len );
-#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
#if defined(MBEDTLS_X509_CRL_PARSE_C)
/**
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 07a3717..0a069df 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_X509_CSR_H
#define MBEDTLS_X509_CSR_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -48,21 +49,21 @@
*/
typedef struct mbedtls_x509_csr
{
- mbedtls_x509_buf raw; /**< The raw CSR data (DER). */
- mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo body (DER). */
- int version; /**< CSR version (1=v1). */
+ int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */
- mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). */
- mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). */
+ mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
- mbedtls_pk_context pk; /**< Container for the public key context. */
+ mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
- mbedtls_x509_buf sig_oid;
- mbedtls_x509_buf sig;
- mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
- mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
- void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid);
+ mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
+ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
+ mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
+ void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
}
mbedtls_x509_csr;
@@ -71,10 +72,10 @@
*/
typedef struct mbedtls_x509write_csr
{
- mbedtls_pk_context *key;
- mbedtls_asn1_named_data *subject;
- mbedtls_md_type_t md_alg;
- mbedtls_asn1_named_data *extensions;
+ mbedtls_pk_context *MBEDTLS_PRIVATE(key);
+ mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
+ mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
+ mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
}
mbedtls_x509write_csr;
@@ -235,6 +236,7 @@
* \param ctx CSR context to use
* \param oid OID of the extension
* \param oid_len length of the OID
+ * \param critical Set to 1 to mark the extension as critical, 0 otherwise.
* \param val value of the extension OCTET STRING
* \param val_len length of the value data
*
@@ -242,6 +244,7 @@
*/
int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
const char *oid, size_t oid_len,
+ int critical,
const unsigned char *val, size_t val_len );
/**
diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h
index 5ce2fe4..72c998e 100644
--- a/include/mbedtls/xtea.h
+++ b/include/mbedtls/xtea.h
@@ -21,6 +21,7 @@
*/
#ifndef MBEDTLS_XTEA_H
#define MBEDTLS_XTEA_H
+#include "mbedtls/private_access.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -49,7 +50,7 @@
*/
typedef struct mbedtls_xtea_context
{
- uint32_t k[4]; /*!< key */
+ uint32_t MBEDTLS_PRIVATE(k)[4]; /*!< key */
}
mbedtls_xtea_context;
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 6aa7ccc..534902f 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -112,12 +112,6 @@
* This macro returns a suitable initializer for a key attribute structure
* of type #psa_key_attributes_t.
*/
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_KEY_ATTRIBUTES_INIT {0}
-#endif
/** Return an initial value for a key attributes structure.
*/
@@ -938,8 +932,8 @@
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
typedef struct psa_hash_operation_s psa_hash_operation_t;
/** \def PSA_HASH_OPERATION_INIT
@@ -947,12 +941,6 @@
* This macro returns a suitable initializer for a hash operation object
* of type #psa_hash_operation_t.
*/
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_HASH_OPERATION_INIT {0}
-#endif
/** Return an initial value for a hash operation object.
*/
@@ -1307,9 +1295,10 @@
* operation = psa_mac_operation_init();
* \endcode
*
+ *
* This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
typedef struct psa_mac_operation_s psa_mac_operation_t;
/** \def PSA_MAC_OPERATION_INIT
@@ -1317,12 +1306,6 @@
* This macro returns a suitable initializer for a MAC operation object of type
* #psa_mac_operation_t.
*/
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_MAC_OPERATION_INIT {0}
-#endif
/** Return an initial value for a MAC operation object.
*/
@@ -1732,8 +1715,8 @@
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
typedef struct psa_cipher_operation_s psa_cipher_operation_t;
/** \def PSA_CIPHER_OPERATION_INIT
@@ -1741,12 +1724,6 @@
* This macro returns a suitable initializer for a cipher operation object of
* type #psa_cipher_operation_t.
*/
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_CIPHER_OPERATION_INIT {0}
-#endif
/** Return an initial value for a cipher operation object.
*/
@@ -2261,8 +2238,8 @@
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
typedef struct psa_aead_operation_s psa_aead_operation_t;
/** \def PSA_AEAD_OPERATION_INIT
@@ -2270,12 +2247,6 @@
* This macro returns a suitable initializer for an AEAD operation object of
* type #psa_aead_operation_t.
*/
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_AEAD_OPERATION_INIT {0}
-#endif
/** Return an initial value for an AEAD operation object.
*/
@@ -3260,8 +3231,8 @@
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation.
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice.
*/
typedef struct psa_key_derivation_s psa_key_derivation_operation_t;
@@ -3270,12 +3241,6 @@
* This macro returns a suitable initializer for a key derivation operation
* object of type #psa_key_derivation_operation_t.
*/
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_KEY_DERIVATION_OPERATION_INIT {0}
-#endif
/** Return an initial value for a key derivation operation object.
*/
diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h
index 1d11b00..b05660f 100644
--- a/include/psa/crypto_builtin_composites.h
+++ b/include/psa/crypto_builtin_composites.h
@@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H
#define PSA_CRYPTO_BUILTIN_COMPOSITES_H
+#include "mbedtls/private_access.h"
#include <psa/crypto_driver_common.h>
@@ -47,11 +48,11 @@
typedef struct
{
/** The HMAC algorithm in use */
- psa_algorithm_t alg;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
/** The hash context. */
struct psa_hash_operation_s hash_ctx;
/** The HMAC part of the context. */
- uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
+ uint8_t MBEDTLS_PRIVATE(opad)[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
} mbedtls_psa_hmac_operation_t;
#define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, PSA_HASH_OPERATION_INIT, {0}}
@@ -61,17 +62,17 @@
typedef struct
{
- psa_algorithm_t alg;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
union
{
- unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
+ unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
- mbedtls_psa_hmac_operation_t hmac;
+ mbedtls_psa_hmac_operation_t MBEDTLS_PRIVATE(hmac);
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
- mbedtls_cipher_context_t cmac;
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cmac);
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
- } ctx;
+ } MBEDTLS_PRIVATE(ctx);
} mbedtls_psa_mac_operation_t;
#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}}
diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h
index 75801a1..674c7d0 100644
--- a/include/psa/crypto_builtin_primitives.h
+++ b/include/psa/crypto_builtin_primitives.h
@@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_BUILTIN_PRIMITIVES_H
#define PSA_CRYPTO_BUILTIN_PRIMITIVES_H
+#include "mbedtls/private_access.h"
#include <psa/crypto_driver_common.h>
@@ -61,32 +62,32 @@
typedef struct
{
- psa_algorithm_t alg;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
union
{
- unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
+ unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */
#if defined(MBEDTLS_MD2_C)
- mbedtls_md2_context md2;
+ mbedtls_md2_context MBEDTLS_PRIVATE(md2);
#endif
#if defined(MBEDTLS_MD4_C)
- mbedtls_md4_context md4;
+ mbedtls_md4_context MBEDTLS_PRIVATE(md4);
#endif
#if defined(MBEDTLS_MD5_C)
- mbedtls_md5_context md5;
+ mbedtls_md5_context MBEDTLS_PRIVATE(md5);
#endif
#if defined(MBEDTLS_RIPEMD160_C)
- mbedtls_ripemd160_context ripemd160;
+ mbedtls_ripemd160_context MBEDTLS_PRIVATE(ripemd160);
#endif
#if defined(MBEDTLS_SHA1_C)
- mbedtls_sha1_context sha1;
+ mbedtls_sha1_context MBEDTLS_PRIVATE(sha1);
#endif
#if defined(MBEDTLS_SHA256_C)
- mbedtls_sha256_context sha256;
+ mbedtls_sha256_context MBEDTLS_PRIVATE(sha256);
#endif
#if defined(MBEDTLS_SHA512_C)
- mbedtls_sha512_context sha512;
+ mbedtls_sha512_context MBEDTLS_PRIVATE(sha512);
#endif
- } ctx;
+ } MBEDTLS_PRIVATE(ctx);
} mbedtls_psa_hash_operation_t;
#define MBEDTLS_PSA_HASH_OPERATION_INIT {0, {0}}
@@ -110,10 +111,10 @@
typedef struct {
/* Context structure for the Mbed TLS cipher implementation. */
- psa_algorithm_t alg;
- uint8_t iv_length;
- uint8_t block_length;
- mbedtls_cipher_context_t cipher;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ uint8_t MBEDTLS_PRIVATE(iv_length);
+ uint8_t MBEDTLS_PRIVATE(block_length);
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher);
} mbedtls_psa_cipher_operation_t;
#define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index a7b4ab5..51c0859 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -27,6 +27,7 @@
#ifndef PSA_CRYPTO_EXTRA_H
#define PSA_CRYPTO_EXTRA_H
+#include "mbedtls/private_access.h"
#include "mbedtls/platform_util.h"
@@ -71,7 +72,7 @@
psa_key_attributes_t *attributes,
psa_algorithm_t alg2)
{
- attributes->core.policy.alg2 = alg2;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2;
}
/** Retrieve the enrollment algorithm policy from key attributes.
@@ -83,7 +84,7 @@
static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.policy.alg2 );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) );
}
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -141,8 +142,8 @@
psa_key_attributes_t *attributes,
psa_key_slot_number_t slot_number )
{
- attributes->core.flags |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
- attributes->slot_number = slot_number;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
+ attributes->MBEDTLS_PRIVATE(slot_number) = slot_number;
}
/** Remove the slot number attribute from a key attribute structure.
@@ -154,7 +155,7 @@
static inline void psa_clear_key_slot_number(
psa_key_attributes_t *attributes )
{
- attributes->core.flags &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
}
/** Register a key that is already present in a secure element.
@@ -226,26 +227,26 @@
typedef struct mbedtls_psa_stats_s
{
/** Number of slots containing key material for a volatile key. */
- size_t volatile_slots;
+ size_t MBEDTLS_PRIVATE(volatile_slots);
/** Number of slots containing key material for a key which is in
* internal persistent storage. */
- size_t persistent_slots;
+ size_t MBEDTLS_PRIVATE(persistent_slots);
/** Number of slots containing a reference to a key in a
* secure element. */
- size_t external_slots;
+ size_t MBEDTLS_PRIVATE(external_slots);
/** Number of slots which are occupied, but do not contain
* key material yet. */
- size_t half_filled_slots;
+ size_t MBEDTLS_PRIVATE(half_filled_slots);
/** Number of slots that contain cache data. */
- size_t cache_slots;
+ size_t MBEDTLS_PRIVATE(cache_slots);
/** Number of slots that are not used for anything. */
- size_t empty_slots;
+ size_t MBEDTLS_PRIVATE(empty_slots);
/** Number of slots that are locked. */
- size_t locked_slots;
+ size_t MBEDTLS_PRIVATE(locked_slots);
/** Largest key id value among open keys in internal persistent storage. */
- psa_key_id_t max_open_internal_key_id;
+ psa_key_id_t MBEDTLS_PRIVATE(max_open_internal_key_id);
/** Largest key id value among open keys in secure elements. */
- psa_key_id_t max_open_external_key_id;
+ psa_key_id_t MBEDTLS_PRIVATE(max_open_external_key_id);
} mbedtls_psa_stats_t;
/** \brief Get statistics about
@@ -813,6 +814,1009 @@
/** @} */
+/** \addtogroup crypto_types
+ * @{
+ */
+
+#define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t)0x0a000000)
+
+/** Whether the specified algorithm is a password-authenticated key exchange.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \p alg is a password-authenticated key exchange (PAKE)
+ * algorithm, 0 otherwise.
+ * This macro may return either 0 or 1 if \p alg is not a supported
+ * algorithm identifier.
+ */
+#define PSA_ALG_IS_PAKE(alg) \
+ (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_PAKE)
+
+/** The Password-authenticated key exchange by juggling (J-PAKE) algorithm.
+ *
+ * This is J-PAKE as defined by RFC 8236, instantiated with the following
+ * parameters:
+ *
+ * - The group can be either an elliptic curve or defined over a finite field.
+ * - Schnorr NIZK proof as defined by RFC 8235 and using the same group as the
+ * J-PAKE algorithm.
+ * - A cryptographic hash function.
+ *
+ * To select these parameters and set up the cipher suite, call these functions
+ * in any order:
+ *
+ * \code
+ * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_JPAKE);
+ * psa_pake_cs_set_primitive(cipher_suite,
+ * PSA_PAKE_PRIMITIVE(type, family, bits));
+ * psa_pake_cs_set_hash(cipher_suite, hash);
+ * \endcode
+ *
+ * For more information on how to set a specific curve or field, refer to the
+ * documentation of the individual \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
+ *
+ * After initializing a J-PAKE operation, call
+ *
+ * \code
+ * psa_pake_setup(operation, cipher_suite);
+ * psa_pake_set_user(operation, ...);
+ * psa_pake_set_peer(operation, ...);
+ * psa_pake_set_password_key(operation, ...);
+ * \endcode
+ *
+ * The password is read as a byte array and must be non-empty. This can be the
+ * password itself (in some pre-defined character encoding) or some value
+ * derived from the password as mandated by some higher level protocol.
+ *
+ * (The implementation converts this byte array to a number as described in
+ * Section 2.3.8 of _SEC 1: Elliptic Curve Cryptography_
+ * (https://www.secg.org/sec1-v2.pdf), before reducing it modulo \c q. Here
+ * \c q is order of the group defined by the primitive set in the cipher suite.
+ * The \c psa_pake_set_password_xxx() functions return an error if the result
+ * of the reduction is 0.)
+ *
+ * The key exchange flow for J-PAKE is as follows:
+ * -# To get the first round data that needs to be sent to the peer, call
+ * \code
+ * // Get g1
+ * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // Get the ZKP public key for x1
+ * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
+ * // Get the ZKP proof for x1
+ * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
+ * // Get g2
+ * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // Get the ZKP public key for x2
+ * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
+ * // Get the ZKP proof for x2
+ * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
+ * \endcode
+ * -# To provide the first round data received from the peer to the operation,
+ * call
+ * \code
+ * // Set g3
+ * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // Set the ZKP public key for x3
+ * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
+ * // Set the ZKP proof for x3
+ * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
+ * // Set g4
+ * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // Set the ZKP public key for x4
+ * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
+ * // Set the ZKP proof for x4
+ * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
+ * \endcode
+ * -# To get the second round data that needs to be sent to the peer, call
+ * \code
+ * // Get A
+ * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // Get ZKP public key for x2*s
+ * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
+ * // Get ZKP proof for x2*s
+ * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
+ * \endcode
+ * -# To provide the second round data received from the peer to the operation,
+ * call
+ * \code
+ * // Set B
+ * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);
+ * // Set ZKP public key for x4*s
+ * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...);
+ * // Set ZKP proof for x4*s
+ * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...);
+ * \endcode
+ * -# To access the shared secret call
+ * \code
+ * // Get Ka=Kb=K
+ * psa_pake_get_implicit_key()
+ * \endcode
+ *
+ * For more information consult the documentation of the individual
+ * \c PSA_PAKE_STEP_XXX constants.
+ *
+ * At this point there is a cryptographic guarantee that only the authenticated
+ * party who used the same password is able to compute the key. But there is no
+ * guarantee that the peer is the party it claims to be and was able to do so.
+ *
+ * That is, the authentication is only implicit (the peer is not authenticated
+ * at this point, and no action should be taken that assume that they are - like
+ * for example accessing restricted files).
+ *
+ * To make the authentication explicit there are various methods, see Section 5
+ * of RFC 8236 for two examples.
+ *
+ */
+#define PSA_ALG_JPAKE ((psa_algorithm_t)0x0a000100)
+
+/** @} */
+
+/** \defgroup pake Password-authenticated key exchange (PAKE)
+ *
+ * This is a proposed PAKE interface for the PSA Crypto API. It is not part of
+ * the official PSA Crypto API yet.
+ *
+ * \note The content of this section is not part of the stable API and ABI
+ * of Mbed Crypto and may change arbitrarily from version to version.
+ * Same holds for the corresponding macros #PSA_ALG_CATEGORY_PAKE and
+ * #PSA_ALG_JPAKE.
+ * @{
+ */
+
+/** \brief Encoding of the side of PAKE
+ *
+ * Encodes which side of the algorithm is being executed. For more information
+ * see the documentation of individual \c PSA_PAKE_SIDE_XXX constants.
+ */
+typedef uint8_t psa_pake_side_t;
+
+/** Encoding of input and output indicators for PAKE.
+ *
+ * Some PAKE algorithms need to exchange more data than just a single key share.
+ * This type is for encoding additional input and output data for such
+ * algorithms.
+ */
+typedef uint8_t psa_pake_step_t;
+
+/** Encoding of the type of the PAKE's primitive.
+ *
+ * Values defined by this standard will never be in the range 0x80-0xff.
+ * Vendors who define additional types must use an encoding in this range.
+ *
+ * For more information see the documentation of individual
+ * \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
+ */
+typedef uint8_t psa_pake_primitive_type_t;
+
+/** \brief Encoding of the family of the primitive associated with the PAKE.
+ *
+ * For more information see the documentation of individual
+ * \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
+ */
+typedef uint8_t psa_pake_family_t;
+
+/** \brief Encoding of the primitive associated with the PAKE.
+ *
+ * For more information see the documentation of the #PSA_PAKE_PRIMITIVE macro.
+ */
+typedef uint32_t psa_pake_primitive_t;
+
+/** The first peer in a balanced PAKE.
+ *
+ * Although balanced PAKE algorithms are symmetric, some of them needs an
+ * ordering of peers for the transcript calculations. If the algorithm does not
+ * need this, both #PSA_PAKE_SIDE_FIRST and #PSA_PAKE_SIDE_SECOND are
+ * accepted.
+ */
+#define PSA_PAKE_SIDE_FIRST ((psa_pake_side_t)0x01)
+
+/** The second peer in a balanced PAKE.
+ *
+ * Although balanced PAKE algorithms are symmetric, some of them needs an
+ * ordering of peers for the transcript calculations. If the algorithm does not
+ * need this, either #PSA_PAKE_SIDE_FIRST or #PSA_PAKE_SIDE_SECOND are
+ * accepted.
+ */
+#define PSA_PAKE_SIDE_SECOND ((psa_pake_side_t)0x02)
+
+/** The client in an augmented PAKE.
+ *
+ * Augmented PAKE algorithms need to differentiate between client and server.
+ */
+#define PSA_PAKE_SIDE_CLIENT ((psa_pake_side_t)0x11)
+
+/** The server in an augmented PAKE.
+ *
+ * Augmented PAKE algorithms need to differentiate between client and server.
+ */
+#define PSA_PAKE_SIDE_SERVER ((psa_pake_side_t)0x12)
+
+/** The PAKE primitive type indicating the use of elliptic curves.
+ *
+ * The values of the \c family and \c bits fields of the cipher suite identify a
+ * specific elliptic curve, using the same mapping that is used for ECC
+ * (::psa_ecc_family_t) keys.
+ *
+ * (Here \c family means the value returned by psa_pake_cs_get_family() and
+ * \c bits means the value returned by psa_pake_cs_get_bits().)
+ *
+ * Input and output during the operation can involve group elements and scalar
+ * values:
+ * -# The format for group elements is the same as for public keys on the
+ * specific curve would be. For more information, consult the documentation of
+ * psa_export_public_key().
+ * -# The format for scalars is the same as for private keys on the specific
+ * curve would be. For more information, consult the documentation of
+ * psa_export_key().
+ */
+#define PSA_PAKE_PRIMITIVE_TYPE_ECC ((psa_pake_primitive_type_t)0x01)
+
+/** The PAKE primitive type indicating the use of Diffie-Hellman groups.
+ *
+ * The values of the \c family and \c bits fields of the cipher suite identify
+ * a specific Diffie-Hellman group, using the same mapping that is used for
+ * Diffie-Hellman (::psa_dh_family_t) keys.
+ *
+ * (Here \c family means the value returned by psa_pake_cs_get_family() and
+ * \c bits means the value returned by psa_pake_cs_get_bits().)
+ *
+ * Input and output during the operation can involve group elements and scalar
+ * values:
+ * -# The format for group elements is the same as for public keys on the
+ * specific group would be. For more information, consult the documentation of
+ * psa_export_public_key().
+ * -# The format for scalars is the same as for private keys on the specific
+ * group would be. For more information, consult the documentation of
+ * psa_export_key().
+ */
+#define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t)0x02)
+
+/** Construct a PAKE primitive from type, family and bit-size.
+ *
+ * \param pake_type The type of the primitive
+ * (value of type ::psa_pake_primitive_type_t).
+ * \param pake_family The family of the primitive
+ * (the type and interpretation of this parameter depends
+ * on \p type, for more information consult the
+ * documentation of individual ::psa_pake_primitive_type_t
+ * constants).
+ * \param pake_bits The bit-size of the primitive
+ * (Value of type \c size_t. The interpretation
+ * of this parameter depends on \p family, for more
+ * information consult the documentation of individual
+ * ::psa_pake_primitive_type_t constants).
+ *
+ * \return The constructed primitive value of type ::psa_pake_primitive_t.
+ * Return 0 if the requested primitive can't be encoded as
+ * ::psa_pake_primitive_t.
+ */
+#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \
+ ((pake_bits & 0xFFFF) != pake_bits) ? 0 : \
+ ((psa_pake_primitive_t) (((pake_type) << 24 | \
+ (pake_family) << 16) | (pake_bits)))
+
+/** The key share being sent to or received from the peer.
+ *
+ * The format for both input and output at this step is the same as for public
+ * keys on the group determined by the primitive (::psa_pake_primitive_t) would
+ * be.
+ *
+ * For more information on the format, consult the documentation of
+ * psa_export_public_key().
+ *
+ * For information regarding how the group is determined, consult the
+ * documentation #PSA_PAKE_PRIMITIVE.
+ */
+#define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t)0x01)
+
+/** A Schnorr NIZKP public key.
+ *
+ * This is the ephemeral public key in the Schnorr Non-Interactive
+ * Zero-Knowledge Proof (the value denoted by the letter 'V' in RFC 8235).
+ *
+ * The format for both input and output at this step is the same as for public
+ * keys on the group determined by the primitive (::psa_pake_primitive_t) would
+ * be.
+ *
+ * For more information on the format, consult the documentation of
+ * psa_export_public_key().
+ *
+ * For information regarding how the group is determined, consult the
+ * documentation #PSA_PAKE_PRIMITIVE.
+ */
+#define PSA_PAKE_STEP_ZK_PUBLIC ((psa_pake_step_t)0x02)
+
+/** A Schnorr NIZKP proof.
+ *
+ * This is the proof in the Schnorr Non-Interactive Zero-Knowledge Proof (the
+ * value denoted by the letter 'r' in RFC 8235).
+ *
+ * Both for input and output, the value at this step is an integer less than
+ * the order of the group selected in the cipher suite. The format depends on
+ * the group as well:
+ *
+ * - For Montgomery curves, the encoding is little endian.
+ * - For everything else the encoding is big endian (see Section 2.3.8 of
+ * _SEC 1: Elliptic Curve Cryptography_ at https://www.secg.org/sec1-v2.pdf).
+ *
+ * In both cases leading zeroes are allowed as long as the length in bytes does
+ * not exceed the byte length of the group order.
+ *
+ * For information regarding how the group is determined, consult the
+ * documentation #PSA_PAKE_PRIMITIVE.
+ */
+#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03)
+
+/** The type of the data strucure for PAKE cipher suites.
+ *
+ * This is an implementation-defined \c struct. Applications should not
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice.
+ */
+typedef struct psa_pake_cipher_suite_s psa_pake_cipher_suite_t;
+
+/** Retrieve the PAKE algorithm from a PAKE cipher suite.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate its argument exactly once.
+ *
+ * \param[in] cipher_suite The cipher suite structure to query.
+ *
+ * \return The PAKE algorithm stored in the cipher suite structure.
+ */
+static psa_algorithm_t psa_pake_cs_get_algorithm(
+ const psa_pake_cipher_suite_t* cipher_suite
+ );
+
+/** Declare the PAKE algorithm for the cipher suite.
+ *
+ * This function overwrites any PAKE algorithm
+ * previously set in \p cipher_suite.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * \param[out] cipher_suite The cipher suite structure to write to.
+ * \param algorithm The PAKE algorithm to write.
+ * (`PSA_ALG_XXX` values of type ::psa_algorithm_t
+ * such that #PSA_ALG_IS_PAKE(\c alg) is true.)
+ * If this is 0, the PAKE algorithm in
+ * \p cipher_suite becomes unspecified.
+ */
+static void psa_pake_cs_set_algorithm(
+ psa_pake_cipher_suite_t* cipher_suite,
+ psa_algorithm_t algorithm
+ );
+
+/** Retrieve the primitive from a PAKE cipher suite.
+ *
+ * This function may be declared as `static` (i.e. without external linkage).
+ * This function may be provided as a function-like macro, but in this case it
+ * must evaluate its argument exactly once.
+ *
+ * \param[in] cipher_suite The cipher suite structure to query.
+ *
+ * \return The primitive stored in the cipher suite structure.
+ */
+static psa_pake_primitive_t psa_pake_cs_get_primitive(
+ const psa_pake_cipher_suite_t* cipher_suite
+ );
+
+/** Declare the primitive for a PAKE cipher suite.
+ *
+ * This function overwrites any primitive previously set in \p cipher_suite.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * \param[out] cipher_suite The cipher suite structure to write to.
+ * \param primitive The primitive to write. If this is 0, the
+ * primitive type in \p cipher_suite becomes
+ * unspecified.
+ */
+static void psa_pake_cs_set_primitive(
+ psa_pake_cipher_suite_t* cipher_suite,
+ psa_pake_primitive_t primitive
+ );
+
+/** Retrieve the hash algorithm from a PAKE cipher suite.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate its argument exactly once.
+ *
+ * \param[in] cipher_suite The cipher suite structure to query.
+ *
+ * \return The hash algorithm stored in the cipher suite structure. The return
+ * value is 0 if the PAKE is not parametrised by a hash algorithm or if
+ * the hash algorithm is not set.
+ */
+static psa_algorithm_t psa_pake_cs_get_hash(
+ const psa_pake_cipher_suite_t* cipher_suite
+ );
+
+/** Declare the hash algorithm for a PAKE cipher suite.
+ *
+ * This function overwrites any hash algorithm
+ * previously set in \p cipher_suite.
+ *
+ * This function may be declared as `static` (i.e. without external
+ * linkage). This function may be provided as a function-like macro,
+ * but in this case it must evaluate each of its arguments exactly once.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * \param[out] cipher_suite The cipher suite structure to write to.
+ * \param hash The hash involved in the cipher suite.
+ * (`PSA_ALG_XXX` values of type ::psa_algorithm_t
+ * such that #PSA_ALG_IS_HASH(\c alg) is true.)
+ * If this is 0, the hash algorithm in
+ * \p cipher_suite becomes unspecified.
+ */
+static void psa_pake_cs_set_hash(
+ psa_pake_cipher_suite_t* cipher_suite,
+ psa_algorithm_t hash
+ );
+
+/** The type of the state data structure for PAKE operations.
+ *
+ * Before calling any function on a PAKE operation object, the application
+ * must initialize it by any of the following means:
+ * - Set the structure to all-bits-zero, for example:
+ * \code
+ * psa_pake_operation_t operation;
+ * memset(&operation, 0, sizeof(operation));
+ * \endcode
+ * - Initialize the structure to logical zero values, for example:
+ * \code
+ * psa_pake_operation_t operation = {0};
+ * \endcode
+ * - Initialize the structure to the initializer #PSA_PAKE_OPERATION_INIT,
+ * for example:
+ * \code
+ * psa_pake_operation_t operation = PSA_PAKE_OPERATION_INIT;
+ * \endcode
+ * - Assign the result of the function psa_pake_operation_init()
+ * to the structure, for example:
+ * \code
+ * psa_pake_operation_t operation;
+ * operation = psa_pake_operation_init();
+ * \endcode
+ *
+ * This is an implementation-defined \c struct. Applications should not
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
+typedef struct psa_pake_operation_s psa_pake_operation_t;
+
+/** Return an initial value for an PAKE operation object.
+ */
+static psa_pake_operation_t psa_pake_operation_init(void);
+
+/** Set the session information for a password-authenticated key exchange.
+ *
+ * The sequence of operations to set up a password-authenticated key exchange
+ * is as follows:
+ * -# Allocate an operation object which will be passed to all the functions
+ * listed here.
+ * -# Initialize the operation object with one of the methods described in the
+ * documentation for #psa_pake_operation_t, e.g.
+ * #PSA_PAKE_OPERATION_INIT.
+ * -# Call psa_pake_setup() to specify the cipher suite.
+ * -# Call \c psa_pake_set_xxx() functions on the operation to complete the
+ * setup. The exact sequence of \c psa_pake_set_xxx() functions that needs
+ * to be called depends on the algorithm in use.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * A typical sequence of calls to perform a password-authenticated key
+ * exchange:
+ * -# Call psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to get the
+ * key share that needs to be sent to the peer.
+ * -# Call psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to provide
+ * the key share that was received from the peer.
+ * -# Depending on the algorithm additional calls to psa_pake_output() and
+ * psa_pake_input() might be necessary.
+ * -# Call psa_pake_get_implicit_key() for accessing the shared secret.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * If an error occurs at any step after a call to psa_pake_setup(),
+ * the operation will need to be reset by a call to psa_pake_abort(). The
+ * application may call psa_pake_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to psa_pake_setup(), the application must
+ * eventually terminate the operation. The following events terminate an
+ * operation:
+ * - A call to psa_pake_abort().
+ * - A successful call to psa_pake_get_implicit_key().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized but not set up yet.
+ * \param cipher_suite The cipher suite to use. (A cipher suite fully
+ * characterizes a PAKE algorithm and determines
+ * the algorithm as well.)
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The \p cipher_suite is not supported or is not valid.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_setup(psa_pake_operation_t *operation,
+ psa_pake_cipher_suite_t cipher_suite);
+
+/** Set the password for a password-authenticated key exchange from key ID.
+ *
+ * Call this function when the password, or a value derived from the password,
+ * is already present in the key store.
+ *
+ * \param[in,out] operation The operation object to set the password for. It
+ * must have been set up by psa_pake_setup() and
+ * not yet in use (neither psa_pake_output() nor
+ * psa_pake_input() has been called yet). It must
+ * be on operation for which the password hasn't
+ * been set yet (psa_pake_set_password_key()
+ * hasn't been called yet).
+ * \param password Identifier of the key holding the password or a
+ * value derived from the password (eg. by a
+ * memory-hard function). It must remain valid
+ * until the operation terminates. It must be of
+ * type #PSA_KEY_TYPE_PASSWORD or
+ * #PSA_KEY_TYPE_PASSWORD_HASH. It has to allow
+ * the usage #PSA_KEY_USAGE_DERIVE.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must have been set up.)
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with the algorithm or the cipher suite.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation,
+ mbedtls_svc_key_id_t password);
+
+/** Set the user ID for a password-authenticated key exchange.
+ *
+ * Call this function to set the user ID. For PAKE algorithms that associate a
+ * user identifier with each side of the session you need to call
+ * psa_pake_set_peer() as well. For PAKE algorithms that associate a single
+ * user identifier with the session, call psa_pake_set_user() only.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * \param[in,out] operation The operation object to set the user ID for. It
+ * must have been set up by psa_pake_setup() and
+ * not yet in use (neither psa_pake_output() nor
+ * psa_pake_input() has been called yet). It must
+ * be on operation for which the user ID hasn't
+ * been set (psa_pake_set_user() hasn't been
+ * called yet).
+ * \param[in] user_id The user ID to authenticate with.
+ * \param user_id_len Size of the \p user_id buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p user_id is NULL.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_set_user(psa_pake_operation_t *operation,
+ const uint8_t *user_id,
+ size_t user_id_len);
+
+/** Set the peer ID for a password-authenticated key exchange.
+ *
+ * Call this function in addition to psa_pake_set_user() for PAKE algorithms
+ * that associate a user identifier with each side of the session. For PAKE
+ * algorithms that associate a single user identifier with the session, call
+ * psa_pake_set_user() only.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * \param[in,out] operation The operation object to set the peer ID for. It
+ * must have been set up by psa_pake_setup() and
+ * not yet in use (neither psa_pake_output() nor
+ * psa_pake_input() has been called yet). It must
+ * be on operation for which the peer ID hasn't
+ * been set (psa_pake_set_peer() hasn't been
+ * called yet).
+ * \param[in] peer_id The peer's ID to authenticate.
+ * \param peer_id_len Size of the \p peer_id buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The algorithm doesn't associate a second identity with the session.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p user_id is NULL.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation,
+ const uint8_t *peer_id,
+ size_t peer_id_len);
+
+/** Set the side for a password-authenticated key exchange.
+ *
+ * Not all PAKE algorithms need to differentiate the communicating entities.
+ * It is optional to call this function for PAKEs that don't require a side
+ * parameter. For such PAKEs the side parameter is ignored.
+ *
+ * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
+ * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
+ * for more information.
+ *
+ * \param[in,out] operation The operation object to set the side for. It
+ * must have been set up by psa_pake_setup() and
+ * not yet in use (neither psa_pake_output() nor
+ * psa_pake_input() has been called yet). It must
+ * be on operation for which the side hasn't been
+ * set (psa_pake_set_side() hasn't been called
+ * yet).
+ * \param side A value of type ::psa_pake_side_t signaling the
+ * side of the algorithm that is being set up. For
+ * more information see the documentation of
+ * \c PSA_PAKE_SIDE_XXX constants.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The \p side for this algorithm is not supported or is not valid.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_set_side(psa_pake_operation_t *operation,
+ psa_pake_side_t side);
+
+/** Get output for a step of a password-authenticated key exchange.
+ *
+ * Depending on the algorithm being executed, you might need to call this
+ * function several times or you might not need to call this at all.
+ *
+ * The exact sequence of calls to perform a password-authenticated key
+ * exchange depends on the algorithm in use. Refer to the documentation of
+ * individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+ * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+ * information.
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_pake_abort().
+ *
+ * \param[in,out] operation Active PAKE operation.
+ * \param step The step of the algorithm for which the output is
+ * requested.
+ * \param[out] output Buffer where the output is to be written in the
+ * format appropriate for this \p step. Refer to
+ * the documentation of the individual
+ * \c PSA_PAKE_STEP_XXX constants for more
+ * information.
+ * \param output_size Size of the \p output buffer in bytes. This must
+ * be at least #PSA_PAKE_OUTPUT_SIZE(\p alg, \c
+ * cipher_suite, \p type).
+ *
+ * \param[out] output_length On success, the number of bytes of the returned
+ * output.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active, but beyond that
+ * validity is specific to the algorithm).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_output(psa_pake_operation_t *operation,
+ psa_pake_step_t step,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+/** Provide input for a step of a password-authenticated key exchange.
+ *
+ * Depending on the algorithm being executed, you might need to call this
+ * function several times or you might not need to call this at all.
+ *
+ * The exact sequence of calls to perform a password-authenticated key
+ * exchange depends on the algorithm in use. Refer to the documentation of
+ * individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+ * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+ * information.
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_pake_abort().
+ *
+ * \param[in,out] operation Active PAKE operation.
+ * \param step The step for which the input is provided.
+ * \param[out] input Buffer containing the input in the format
+ * appropriate for this \p step. Refer to the
+ * documentation of the individual
+ * \c PSA_PAKE_STEP_XXX constants for more
+ * information.
+ * \param[out] input_length Size of the \p input buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active, but beyond that
+ * validity is specific to the algorithm).
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The input is not valid for the algorithm, ciphersuite or \p step.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_input(psa_pake_operation_t *operation,
+ psa_pake_step_t step,
+ uint8_t *input,
+ size_t input_length);
+
+/** Get implicitly confirmed shared secret from a PAKE.
+ *
+ * At this point there is a cryptographic guarantee that only the authenticated
+ * party who used the same password is able to compute the key. But there is no
+ * guarantee that the peer is the party it claims to be and was able to do so.
+ *
+ * That is, the authentication is only implicit. Since the peer is not
+ * authenticated yet, no action should be taken yet that assumes that the peer
+ * is who it claims to be. For example, do not access restricted files on the
+ * peer's behalf until an explicit authentication has succeeded.
+ *
+ * This function can be called after the key exchange phase of the operation
+ * has completed. It imports the shared secret output of the PAKE into the
+ * provided derivation operation. The input step
+ * #PSA_KEY_DERIVATION_INPUT_SECRET is used when placing the shared key
+ * material in the key derivation operation.
+ *
+ * The exact sequence of calls to perform a password-authenticated key
+ * exchange depends on the algorithm in use. Refer to the documentation of
+ * individual PAKE algorithm types (`PSA_ALG_XXX` values of type
+ * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more
+ * information.
+ *
+ * When this function returns successfully, \p operation becomes inactive.
+ * If this function returns an error status, both \p operation
+ * and \p key_derivation operations enter an error state and must be aborted by
+ * calling psa_pake_abort() and psa_key_derivation_abort() respectively.
+ *
+ * \param[in,out] operation Active PAKE operation.
+ * \param[out] output A key derivation operation that is ready
+ * for an input step of type
+ * #PSA_KEY_DERIVATION_INPUT_SECRET.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The PAKE operation state is not valid (it must be active, but beyond
+ * that validity is specific to the algorithm).
+ * \retval #PSA_ERROR_BAD_STATE
+ * The state of \p output is not valid for
+ * the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the
+ * step is out of order or the application has done this step already
+ * and it may not be repeated.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * #PSA_KEY_DERIVATION_INPUT_SECRET is not compatible with the output’s
+ * algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation,
+ psa_key_derivation_operation_t *output);
+
+/**@}*/
+
+/** A sufficient output buffer size for psa_pake_output().
+ *
+ * If the size of the output buffer is at least this large, it is guaranteed
+ * that psa_pake_output() will not fail due to an insufficient output buffer
+ * size. The actual size of the output might be smaller in any given call.
+ *
+ * See also #PSA_PAKE_OUTPUT_MAX_SIZE
+ *
+ * \param alg A PAKE algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_PAKE(\p alg) is true).
+ * \param primitive A primitive of type ::psa_pake_primitive_t that is
+ * compatible with algorithm \p alg.
+ * \param output_step A value of type ::psa_pake_step_t that is valid for the
+ * algorithm \p alg.
+ * \return A sufficient output buffer size for the specified
+ * output, cipher suite and algorithm. If the cipher suite,
+ * the output type or PAKE algorithm is not recognized, or
+ * the parameters are incompatible, return 0.
+ */
+#define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) 0
+
+/** A sufficient input buffer size for psa_pake_input().
+ *
+ * The value returned by this macro is guaranteed to be large enough for any
+ * valid input to psa_pake_input() in an operation with the specified
+ * parameters.
+ *
+ * See also #PSA_PAKE_INPUT_MAX_SIZE
+ *
+ * \param alg A PAKE algorithm (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_PAKE(\p alg) is true).
+ * \param primitive A primitive of type ::psa_pake_primitive_t that is
+ * compatible with algorithm \p alg.
+ * \param input_step A value of type ::psa_pake_step_t that is valid for the
+ * algorithm \p alg.
+ * \return A sufficient input buffer size for the specified
+ * input, cipher suite and algorithm. If the cipher suite,
+ * the input type or PAKE algorithm is not recognized, or
+ * the parameters are incompatible, return 0.
+ */
+#define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) 0
+
+/** Output buffer size for psa_pake_output() for any of the supported cipher
+ * suites and PAKE algorithms.
+ *
+ * This macro must expand to a compile-time constant integer.
+ *
+ * See also #PSA_PAKE_OUTPUT_SIZE(\p alg, \p cipher_suite, \p output).
+ */
+#define PSA_PAKE_OUTPUT_MAX_SIZE 0
+
+/** Input buffer size for psa_pake_input() for any of the supported cipher
+ * suites and PAKE algorithms.
+ *
+ * This macro must expand to a compile-time constant integer.
+ *
+ * See also #PSA_PAKE_INPUT_SIZE(\p alg, \p cipher_suite, \p input).
+ */
+#define PSA_PAKE_INPUT_MAX_SIZE 0
+
+struct psa_pake_cipher_suite_s
+{
+ psa_algorithm_t algorithm;
+ psa_pake_primitive_type_t type;
+ psa_pake_family_t family;
+ uint16_t bits;
+ psa_algorithm_t hash;
+};
+
+static inline psa_algorithm_t psa_pake_cs_get_algorithm(
+ const psa_pake_cipher_suite_t *cipher_suite)
+{
+ return(cipher_suite->algorithm);
+}
+
+static inline void psa_pake_cs_set_algorithm(
+ psa_pake_cipher_suite_t *cipher_suite,
+ psa_algorithm_t algorithm)
+{
+ if(!PSA_ALG_IS_PAKE(algorithm))
+ cipher_suite->algorithm = 0;
+ else
+ cipher_suite->algorithm = algorithm;
+}
+
+static inline psa_pake_primitive_t psa_pake_cs_get_primitive(
+ const psa_pake_cipher_suite_t *cipher_suite)
+{
+ return(PSA_PAKE_PRIMITIVE(cipher_suite->type, cipher_suite->family,
+ cipher_suite->bits));
+}
+
+static inline void psa_pake_cs_set_primitive(
+ psa_pake_cipher_suite_t *cipher_suite,
+ psa_pake_primitive_t primitive)
+{
+ cipher_suite->type = (psa_pake_primitive_type_t) (primitive >> 24);
+ cipher_suite->family = (psa_pake_family_t) (0xFF & (primitive >> 16));
+ cipher_suite->bits = (uint16_t) (0xFFFF & primitive);
+}
+
+static inline psa_algorithm_t psa_pake_cs_get_hash(
+ const psa_pake_cipher_suite_t *cipher_suite)
+{
+ return(cipher_suite->hash);
+}
+
+static inline void psa_pake_cs_set_hash(
+ psa_pake_cipher_suite_t *cipher_suite,
+ psa_algorithm_t hash)
+{
+ if(!PSA_ALG_IS_HASH(hash))
+ cipher_suite->hash = 0;
+ else
+ cipher_suite->hash = hash;
+}
+
+struct psa_pake_operation_s
+{
+ psa_algorithm_t alg;
+ union
+ {
+ /* Make the union non-empty even with no supported algorithms. */
+ uint8_t dummy;
+ } ctx;
+};
+
+/* This only zeroes out the first byte in the union, the rest is unspecified. */
+#define PSA_PAKE_OPERATION_INIT {0, {0}}
+static inline struct psa_pake_operation_s psa_pake_operation_init(void)
+{
+ const struct psa_pake_operation_s v = PSA_PAKE_OPERATION_INIT;
+ return(v);
+}
+
#ifdef __cplusplus
}
#endif
diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
index 8acf22c..d60b773 100644
--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h
@@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_PLATFORM_H
#define PSA_CRYPTO_PLATFORM_H
+#include "mbedtls/private_access.h"
/* Include the Mbed TLS configuration file, the way Mbed TLS does it
* in each of its header files. */
@@ -92,7 +93,7 @@
* are expected to replace it with a custom definition.
*/
typedef struct {
- uintptr_t opaque[2];
+ uintptr_t MBEDTLS_PRIVATE(opaque)[2];
} mbedtls_psa_external_random_context_t;
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index 1dc8f9b..91a6d0b 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -33,6 +33,7 @@
*/
#ifndef PSA_CRYPTO_SE_DRIVER_H
#define PSA_CRYPTO_SE_DRIVER_H
+#include "mbedtls/private_access.h"
#include "crypto_driver_common.h"
@@ -97,21 +98,21 @@
* - psa_destroy_key() causes a call to
* psa_drv_se_key_management_t::p_destroy.
*/
- const void *const persistent_data;
+ const void *const MBEDTLS_PRIVATE(persistent_data);
/** The size of \c persistent_data in bytes.
*
* This is always equal to the value of the `persistent_data_size` field
* of the ::psa_drv_se_t structure when the driver is registered.
*/
- const size_t persistent_data_size;
+ const size_t MBEDTLS_PRIVATE(persistent_data_size);
/** Driver transient data.
*
* The core initializes this value to 0 and does not read or modify it
* afterwards. The driver may store whatever it wants in this field.
*/
- uintptr_t transient_data;
+ uintptr_t MBEDTLS_PRIVATE(transient_data);
} psa_drv_se_context_t;
/** \brief A driver initialization function.
@@ -323,28 +324,28 @@
/**The size in bytes of the hardware-specific secure element MAC context
* structure
*/
- size_t context_size;
+ size_t MBEDTLS_PRIVATE(context_size);
/** Function that performs a MAC setup operation
*/
- psa_drv_se_mac_setup_t p_setup;
+ psa_drv_se_mac_setup_t MBEDTLS_PRIVATE(p_setup);
/** Function that performs a MAC update operation
*/
- psa_drv_se_mac_update_t p_update;
+ psa_drv_se_mac_update_t MBEDTLS_PRIVATE(p_update);
/** Function that completes a MAC operation
*/
- psa_drv_se_mac_finish_t p_finish;
+ psa_drv_se_mac_finish_t MBEDTLS_PRIVATE(p_finish);
/** Function that completes a MAC operation with a verify check
*/
- psa_drv_se_mac_finish_verify_t p_finish_verify;
+ psa_drv_se_mac_finish_verify_t MBEDTLS_PRIVATE(p_finish_verify);
/** Function that aborts a previoustly started MAC operation
*/
- psa_drv_se_mac_abort_t p_abort;
+ psa_drv_se_mac_abort_t MBEDTLS_PRIVATE(p_abort);
/** Function that performs a MAC operation in one call
*/
- psa_drv_se_mac_generate_t p_mac;
+ psa_drv_se_mac_generate_t MBEDTLS_PRIVATE(p_mac);
/** Function that performs a MAC and verify operation in one call
*/
- psa_drv_se_mac_verify_t p_mac_verify;
+ psa_drv_se_mac_verify_t MBEDTLS_PRIVATE(p_mac_verify);
} psa_drv_se_mac_t;
/**@}*/
@@ -510,22 +511,22 @@
/** The size in bytes of the hardware-specific secure element cipher
* context structure
*/
- size_t context_size;
+ size_t MBEDTLS_PRIVATE(context_size);
/** Function that performs a cipher setup operation */
- psa_drv_se_cipher_setup_t p_setup;
+ psa_drv_se_cipher_setup_t MBEDTLS_PRIVATE(p_setup);
/** Function that sets a cipher IV (if necessary) */
- psa_drv_se_cipher_set_iv_t p_set_iv;
+ psa_drv_se_cipher_set_iv_t MBEDTLS_PRIVATE(p_set_iv);
/** Function that performs a cipher update operation */
- psa_drv_se_cipher_update_t p_update;
+ psa_drv_se_cipher_update_t MBEDTLS_PRIVATE(p_update);
/** Function that completes a cipher operation */
- psa_drv_se_cipher_finish_t p_finish;
+ psa_drv_se_cipher_finish_t MBEDTLS_PRIVATE(p_finish);
/** Function that aborts a cipher operation */
- psa_drv_se_cipher_abort_t p_abort;
+ psa_drv_se_cipher_abort_t MBEDTLS_PRIVATE(p_abort);
/** Function that performs ECB mode for a cipher operation
* (Danger: ECB mode should not be used directly by clients of the PSA
* Crypto Client API)
*/
- psa_drv_se_cipher_ecb_t p_ecb;
+ psa_drv_se_cipher_ecb_t MBEDTLS_PRIVATE(p_ecb);
} psa_drv_se_cipher_t;
/**@}*/
@@ -681,13 +682,13 @@
*/
typedef struct {
/** Function that performs an asymmetric sign operation */
- psa_drv_se_asymmetric_sign_t p_sign;
+ psa_drv_se_asymmetric_sign_t MBEDTLS_PRIVATE(p_sign);
/** Function that performs an asymmetric verify operation */
- psa_drv_se_asymmetric_verify_t p_verify;
+ psa_drv_se_asymmetric_verify_t MBEDTLS_PRIVATE(p_verify);
/** Function that performs an asymmetric encrypt operation */
- psa_drv_se_asymmetric_encrypt_t p_encrypt;
+ psa_drv_se_asymmetric_encrypt_t MBEDTLS_PRIVATE(p_encrypt);
/** Function that performs an asymmetric decrypt operation */
- psa_drv_se_asymmetric_decrypt_t p_decrypt;
+ psa_drv_se_asymmetric_decrypt_t MBEDTLS_PRIVATE(p_decrypt);
} psa_drv_se_asymmetric_t;
/**@}*/
@@ -798,9 +799,9 @@
*/
typedef struct {
/** Function that performs the AEAD encrypt operation */
- psa_drv_se_aead_encrypt_t p_encrypt;
+ psa_drv_se_aead_encrypt_t MBEDTLS_PRIVATE(p_encrypt);
/** Function that performs the AEAD decrypt operation */
- psa_drv_se_aead_decrypt_t p_decrypt;
+ psa_drv_se_aead_decrypt_t MBEDTLS_PRIVATE(p_decrypt);
} psa_drv_se_aead_t;
/**@}*/
@@ -1120,19 +1121,19 @@
*/
typedef struct {
/** Function that allocates a slot for a key. */
- psa_drv_se_allocate_key_t p_allocate;
+ psa_drv_se_allocate_key_t MBEDTLS_PRIVATE(p_allocate);
/** Function that checks the validity of a slot for a key. */
- psa_drv_se_validate_slot_number_t p_validate_slot_number;
+ psa_drv_se_validate_slot_number_t MBEDTLS_PRIVATE(p_validate_slot_number);
/** Function that performs a key import operation */
- psa_drv_se_import_key_t p_import;
+ psa_drv_se_import_key_t MBEDTLS_PRIVATE(p_import);
/** Function that performs a generation */
- psa_drv_se_generate_key_t p_generate;
+ psa_drv_se_generate_key_t MBEDTLS_PRIVATE(p_generate);
/** Function that performs a key destroy operation */
- psa_drv_se_destroy_key_t p_destroy;
+ psa_drv_se_destroy_key_t MBEDTLS_PRIVATE(p_destroy);
/** Function that performs a key export operation */
- psa_drv_se_export_key_t p_export;
+ psa_drv_se_export_key_t MBEDTLS_PRIVATE(p_export);
/** Function that performs a public key export operation */
- psa_drv_se_export_key_t p_export_public;
+ psa_drv_se_export_key_t MBEDTLS_PRIVATE(p_export_public);
} psa_drv_se_key_management_t;
/**@}*/
@@ -1263,16 +1264,16 @@
*/
typedef struct {
/** The driver-specific size of the key derivation context */
- size_t context_size;
+ size_t MBEDTLS_PRIVATE(context_size);
/** Function that performs a key derivation setup */
- psa_drv_se_key_derivation_setup_t p_setup;
+ psa_drv_se_key_derivation_setup_t MBEDTLS_PRIVATE(p_setup);
/** Function that sets key derivation collateral */
- psa_drv_se_key_derivation_collateral_t p_collateral;
+ psa_drv_se_key_derivation_collateral_t MBEDTLS_PRIVATE(p_collateral);
/** Function that performs a final key derivation step */
- psa_drv_se_key_derivation_derive_t p_derive;
+ psa_drv_se_key_derivation_derive_t MBEDTLS_PRIVATE(p_derive);
/** Function that perforsm a final key derivation or agreement and
* exports the key */
- psa_drv_se_key_derivation_export_t p_export;
+ psa_drv_se_key_derivation_export_t MBEDTLS_PRIVATE(p_export);
} psa_drv_se_key_derivation_t;
/**@}*/
@@ -1293,7 +1294,7 @@
* a different version of this specification.
* Use #PSA_DRV_SE_HAL_VERSION.
*/
- uint32_t hal_version;
+ uint32_t MBEDTLS_PRIVATE(hal_version);
/** The size of the driver's persistent data in bytes.
*
@@ -1303,7 +1304,7 @@
* for more information about why and how a driver can use
* persistent data.
*/
- size_t persistent_data_size;
+ size_t MBEDTLS_PRIVATE(persistent_data_size);
/** The driver initialization function.
*
@@ -1315,14 +1316,14 @@
* If this field is \c NULL, it is equivalent to a function that does
* nothing and returns #PSA_SUCCESS.
*/
- psa_drv_se_init_t p_init;
+ psa_drv_se_init_t MBEDTLS_PRIVATE(p_init);
- const psa_drv_se_key_management_t *key_management;
- const psa_drv_se_mac_t *mac;
- const psa_drv_se_cipher_t *cipher;
- const psa_drv_se_aead_t *aead;
- const psa_drv_se_asymmetric_t *asymmetric;
- const psa_drv_se_key_derivation_t *derivation;
+ const psa_drv_se_key_management_t *MBEDTLS_PRIVATE(key_management);
+ const psa_drv_se_mac_t *MBEDTLS_PRIVATE(mac);
+ const psa_drv_se_cipher_t *MBEDTLS_PRIVATE(cipher);
+ const psa_drv_se_aead_t *MBEDTLS_PRIVATE(aead);
+ const psa_drv_se_asymmetric_t *MBEDTLS_PRIVATE(asymmetric);
+ const psa_drv_se_key_derivation_t *MBEDTLS_PRIVATE(derivation);
} psa_drv_se_t;
/** The current version of the secure element driver HAL.
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 47012fd..0afdf84 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -60,6 +60,7 @@
#ifndef PSA_CRYPTO_STRUCT_H
#define PSA_CRYPTO_STRUCT_H
+#include "mbedtls/private_access.h"
#ifdef __cplusplus
extern "C" {
@@ -88,11 +89,11 @@
* ID values are auto-generated in psa_driver_wrappers.h.
* ID value zero means the context is not valid or not assigned to
* any driver (i.e. the driver context is not active, in use). */
- unsigned int id;
- psa_driver_hash_context_t ctx;
+ unsigned int MBEDTLS_PRIVATE(id);
+ psa_driver_hash_context_t MBEDTLS_PRIVATE(ctx);
};
-#define PSA_HASH_OPERATION_INIT {0, {0}}
+#define PSA_HASH_OPERATION_INIT { 0, { 0 } }
static inline struct psa_hash_operation_s psa_hash_operation_init( void )
{
const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
@@ -107,17 +108,17 @@
* ID values are auto-generated in psa_crypto_driver_wrappers.h
* ID value zero means the context is not valid or not assigned to
* any driver (i.e. none of the driver contexts are active). */
- unsigned int id;
+ unsigned int MBEDTLS_PRIVATE(id);
- unsigned int iv_required : 1;
- unsigned int iv_set : 1;
+ unsigned int MBEDTLS_PRIVATE(iv_required) : 1;
+ unsigned int MBEDTLS_PRIVATE(iv_set) : 1;
- uint8_t default_iv_length;
+ uint8_t MBEDTLS_PRIVATE(default_iv_length);
- psa_driver_cipher_context_t ctx;
+ psa_driver_cipher_context_t MBEDTLS_PRIVATE(ctx);
};
-#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, {0}}
+#define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
static inline struct psa_cipher_operation_s psa_cipher_operation_init( void )
{
const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
@@ -136,13 +137,13 @@
* ID values are auto-generated in psa_driver_wrappers.h
* ID value zero means the context is not valid or not assigned to
* any driver (i.e. none of the driver contexts are active). */
- unsigned int id;
- uint8_t mac_size;
- unsigned int is_sign : 1;
- psa_driver_mac_context_t ctx;
+ unsigned int MBEDTLS_PRIVATE(id);
+ uint8_t MBEDTLS_PRIVATE(mac_size);
+ unsigned int MBEDTLS_PRIVATE(is_sign) : 1;
+ psa_driver_mac_context_t MBEDTLS_PRIVATE(ctx);
};
-#define PSA_MAC_OPERATION_INIT {0, 0, 0, {0}}
+#define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } }
static inline struct psa_mac_operation_s psa_mac_operation_init( void )
{
const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
@@ -151,19 +152,19 @@
struct psa_aead_operation_s
{
- psa_algorithm_t alg;
- unsigned int key_set : 1;
- unsigned int iv_set : 1;
- uint8_t iv_size;
- uint8_t block_size;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ unsigned int MBEDTLS_PRIVATE(key_set) : 1;
+ unsigned int MBEDTLS_PRIVATE(iv_set) : 1;
+ uint8_t MBEDTLS_PRIVATE(iv_size);
+ uint8_t MBEDTLS_PRIVATE(block_size);
union
{
- unsigned dummy; /* Enable easier initializing of the union. */
- mbedtls_cipher_context_t cipher;
- } ctx;
+ unsigned MBEDTLS_PRIVATE(dummy); /* Enable easier initializing of the union. */
+ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher);
+ } MBEDTLS_PRIVATE(ctx);
};
-#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, {0}}
+#define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, { 0 } }
static inline struct psa_aead_operation_s psa_aead_operation_init( void )
{
const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
@@ -173,18 +174,18 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
typedef struct
{
- uint8_t *info;
- size_t info_length;
- psa_mac_operation_t hmac;
- uint8_t prk[PSA_HASH_MAX_SIZE];
- uint8_t output_block[PSA_HASH_MAX_SIZE];
+ uint8_t *MBEDTLS_PRIVATE(info);
+ size_t MBEDTLS_PRIVATE(info_length);
+ psa_mac_operation_t MBEDTLS_PRIVATE(hmac);
+ uint8_t MBEDTLS_PRIVATE(prk)[PSA_HASH_MAX_SIZE];
+ uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
#if PSA_HASH_MAX_SIZE > 0xff
#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
#endif
- uint8_t offset_in_block;
- uint8_t block_number;
- unsigned int state : 2;
- unsigned int info_set : 1;
+ uint8_t MBEDTLS_PRIVATE(offset_in_block);
+ uint8_t MBEDTLS_PRIVATE(block_number);
+ unsigned int MBEDTLS_PRIVATE(state) : 2;
+ unsigned int MBEDTLS_PRIVATE(info_set) : 1;
} psa_hkdf_key_derivation_t;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */
@@ -207,50 +208,51 @@
/* Indicates how many bytes in the current HMAC block have
* not yet been read by the user. */
- uint8_t left_in_block;
+ uint8_t MBEDTLS_PRIVATE(left_in_block);
/* The 1-based number of the block. */
- uint8_t block_number;
+ uint8_t MBEDTLS_PRIVATE(block_number);
- psa_tls12_prf_key_derivation_state_t state;
+ psa_tls12_prf_key_derivation_state_t MBEDTLS_PRIVATE(state);
- uint8_t *secret;
- size_t secret_length;
- uint8_t *seed;
- size_t seed_length;
- uint8_t *label;
- size_t label_length;
+ uint8_t *MBEDTLS_PRIVATE(secret);
+ size_t MBEDTLS_PRIVATE(secret_length);
+ uint8_t *MBEDTLS_PRIVATE(seed);
+ size_t MBEDTLS_PRIVATE(seed_length);
+ uint8_t *MBEDTLS_PRIVATE(label);
+ size_t MBEDTLS_PRIVATE(label_length);
- uint8_t Ai[PSA_HASH_MAX_SIZE];
+ uint8_t MBEDTLS_PRIVATE(Ai)[PSA_HASH_MAX_SIZE];
- /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
- uint8_t output_block[PSA_HASH_MAX_SIZE];
+ /* `HMAC_hash( prk, A( i ) + seed )` in the notation of RFC 5246, Sect. 5. */
+ uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE];
} psa_tls12_prf_key_derivation_t;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
struct psa_key_derivation_s
{
- psa_algorithm_t alg;
- unsigned int can_output_key : 1;
- size_t capacity;
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ unsigned int MBEDTLS_PRIVATE(can_output_key) : 1;
+ size_t MBEDTLS_PRIVATE(capacity);
union
{
/* Make the union non-empty even with no supported algorithms. */
- uint8_t dummy;
+ uint8_t MBEDTLS_PRIVATE(dummy);
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
- psa_hkdf_key_derivation_t hkdf;
+ psa_hkdf_key_derivation_t MBEDTLS_PRIVATE(hkdf);
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
- psa_tls12_prf_key_derivation_t tls12_prf;
+ psa_tls12_prf_key_derivation_t MBEDTLS_PRIVATE(tls12_prf);
#endif
- } ctx;
+ } MBEDTLS_PRIVATE(ctx);
};
/* This only zeroes out the first byte in the union, the rest is unspecified. */
-#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, 0, {0}}
-static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void )
+#define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, { 0 } }
+static inline struct psa_key_derivation_s psa_key_derivation_operation_init(
+ void )
{
const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;
return( v );
@@ -258,13 +260,13 @@
struct psa_key_policy_s
{
- psa_key_usage_t usage;
- psa_algorithm_t alg;
- psa_algorithm_t alg2;
+ psa_key_usage_t MBEDTLS_PRIVATE(usage);
+ psa_algorithm_t MBEDTLS_PRIVATE(alg);
+ psa_algorithm_t MBEDTLS_PRIVATE(alg2);
};
typedef struct psa_key_policy_s psa_key_policy_t;
-#define PSA_KEY_POLICY_INIT {0, 0, 0}
+#define PSA_KEY_POLICY_INIT { 0, 0, 0 }
static inline struct psa_key_policy_s psa_key_policy_init( void )
{
const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT;
@@ -276,7 +278,7 @@
typedef uint16_t psa_key_bits_t;
/* The maximum value of the type used to represent bit-sizes.
* This is used to mark an invalid key size. */
-#define PSA_KEY_BITS_TOO_LARGE ( (psa_key_bits_t) ( -1 ) )
+#define PSA_KEY_BITS_TOO_LARGE ( ( psa_key_bits_t ) -1 )
/* The maximum size of a key in bits.
* Currently defined as the maximum that can be represented, rounded down
* to a whole number of bytes.
@@ -309,30 +311,33 @@
typedef struct
{
- psa_key_type_t type;
- psa_key_bits_t bits;
- psa_key_lifetime_t lifetime;
- mbedtls_svc_key_id_t id;
- psa_key_policy_t policy;
- psa_key_attributes_flag_t flags;
+ psa_key_type_t MBEDTLS_PRIVATE(type);
+ psa_key_bits_t MBEDTLS_PRIVATE(bits);
+ psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime);
+ mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
+ psa_key_policy_t MBEDTLS_PRIVATE(policy);
+ psa_key_attributes_flag_t MBEDTLS_PRIVATE(flags);
} psa_core_key_attributes_t;
-#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0}
+#define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0, \
+ PSA_KEY_LIFETIME_VOLATILE, \
+ MBEDTLS_SVC_KEY_ID_INIT, \
+ PSA_KEY_POLICY_INIT, 0 }
struct psa_key_attributes_s
{
- psa_core_key_attributes_t core;
+ psa_core_key_attributes_t MBEDTLS_PRIVATE(core);
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- psa_key_slot_number_t slot_number;
+ psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- void *domain_parameters;
- size_t domain_parameters_size;
+ void *MBEDTLS_PRIVATE(domain_parameters);
+ size_t MBEDTLS_PRIVATE(domain_parameters_size);
};
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0}
+#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0 }
#else
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0}
+#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0 }
#endif
static inline struct psa_key_attributes_s psa_key_attributes_init( void )
@@ -344,13 +349,13 @@
static inline void psa_set_key_id( psa_key_attributes_t *attributes,
mbedtls_svc_key_id_t key )
{
- psa_key_lifetime_t lifetime = attributes->core.lifetime;
+ psa_key_lifetime_t lifetime = attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime);
- attributes->core.id = key;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = key;
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
- attributes->core.lifetime =
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) =
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_LIFETIME_PERSISTENT,
PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) );
@@ -358,77 +363,77 @@
}
static inline mbedtls_svc_key_id_t psa_get_key_id(
- const psa_key_attributes_t *attributes)
+ const psa_key_attributes_t *attributes )
{
- return( attributes->core.id );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) );
}
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
static inline void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes,
mbedtls_key_owner_id_t owner )
{
- attributes->core.id.owner = owner;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner;
}
#endif
-static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
- psa_key_lifetime_t lifetime)
+static inline void psa_set_key_lifetime( psa_key_attributes_t *attributes,
+ psa_key_lifetime_t lifetime )
{
- attributes->core.lifetime = lifetime;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) = lifetime;
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
{
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
- attributes->core.id.key_id = 0;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = 0;
#else
- attributes->core.id = 0;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = 0;
#endif
}
}
static inline psa_key_lifetime_t psa_get_key_lifetime(
- const psa_key_attributes_t *attributes)
+ const psa_key_attributes_t *attributes )
{
- return( attributes->core.lifetime );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) );
}
-static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
- psa_key_usage_t usage_flags)
+static inline void psa_set_key_usage_flags( psa_key_attributes_t *attributes,
+ psa_key_usage_t usage_flags )
{
- attributes->core.policy.usage = usage_flags;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags;
}
static inline psa_key_usage_t psa_get_key_usage_flags(
- const psa_key_attributes_t *attributes)
+ const psa_key_attributes_t *attributes )
{
- return( attributes->core.policy.usage );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) );
}
-static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
- psa_algorithm_t alg)
+static inline void psa_set_key_algorithm( psa_key_attributes_t *attributes,
+ psa_algorithm_t alg )
{
- attributes->core.policy.alg = alg;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg;
}
static inline psa_algorithm_t psa_get_key_algorithm(
- const psa_key_attributes_t *attributes)
+ const psa_key_attributes_t *attributes )
{
- return( attributes->core.policy.alg );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) );
}
/* This function is declared in crypto_extra.h, which comes after this
* header file, but we need the function here, so repeat the declaration. */
-psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
+psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
psa_key_type_t type,
const uint8_t *data,
- size_t data_length);
+ size_t data_length );
-static inline void psa_set_key_type(psa_key_attributes_t *attributes,
- psa_key_type_t type)
+static inline void psa_set_key_type( psa_key_attributes_t *attributes,
+ psa_key_type_t type )
{
- if( attributes->domain_parameters == NULL )
+ if( attributes->MBEDTLS_PRIVATE(domain_parameters) == NULL )
{
/* Common case: quick path */
- attributes->core.type = type;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) = type;
}
else
{
@@ -441,24 +446,24 @@
}
static inline psa_key_type_t psa_get_key_type(
- const psa_key_attributes_t *attributes)
+ const psa_key_attributes_t *attributes )
{
- return( attributes->core.type );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) );
}
-static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
- size_t bits)
+static inline void psa_set_key_bits( psa_key_attributes_t *attributes,
+ size_t bits )
{
if( bits > PSA_MAX_KEY_BITS )
- attributes->core.bits = PSA_KEY_BITS_TOO_LARGE;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = PSA_KEY_BITS_TOO_LARGE;
else
- attributes->core.bits = (psa_key_bits_t) bits;
+ attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = (psa_key_bits_t) bits;
}
static inline size_t psa_get_key_bits(
- const psa_key_attributes_t *attributes)
+ const psa_key_attributes_t *attributes )
{
- return( attributes->core.bits );
+ return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) );
}
#ifdef __cplusplus
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index 386c7d7..2cf965d 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -32,6 +32,7 @@
#ifndef PSA_CRYPTO_TYPES_H
#define PSA_CRYPTO_TYPES_H
+#include "mbedtls/private_access.h"
#include "crypto_platform.h"
@@ -234,8 +235,8 @@
*/
typedef struct
{
- psa_key_id_t key_id;
- mbedtls_key_owner_id_t owner;
+ psa_key_id_t MBEDTLS_PRIVATE(key_id);
+ mbedtls_key_owner_id_t MBEDTLS_PRIVATE(owner);
} mbedtls_svc_key_id_t;
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 497bd8f..31a6464 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -33,6 +33,7 @@
#ifndef PSA_CRYPTO_VALUES_H
#define PSA_CRYPTO_VALUES_H
+#include "mbedtls/private_access.h"
/** \defgroup error Error codes
* @{
@@ -2124,8 +2125,8 @@
static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id )
{
- return( (mbedtls_svc_key_id_t){ .key_id = key_id,
- .owner = owner_id } );
+ return( (mbedtls_svc_key_id_t){ .MBEDTLS_PRIVATE(key_id) = key_id,
+ .MBEDTLS_PRIVATE(owner) = owner_id } );
}
/** Compare two key identifiers.
@@ -2138,8 +2139,8 @@
static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
mbedtls_svc_key_id_t id2 )
{
- return( ( id1.key_id == id2.key_id ) &&
- mbedtls_key_owner_id_equal( id1.owner, id2.owner ) );
+ return( ( id1.MBEDTLS_PRIVATE(key_id) == id2.MBEDTLS_PRIVATE(key_id) ) &&
+ mbedtls_key_owner_id_equal( id1.MBEDTLS_PRIVATE(owner), id2.MBEDTLS_PRIVATE(owner) ) );
}
/** Check whether a key identifier is null.
@@ -2150,7 +2151,7 @@
*/
static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
{
- return( ( key.key_id == 0 ) && ( key.owner == 0 ) );
+ return( ( key.MBEDTLS_PRIVATE(key_id) == 0 ) && ( key.MBEDTLS_PRIVATE(owner) == 0 ) );
}
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
diff --git a/library/aes.c b/library/aes.c
index 422e158..a15a809 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1005,7 +1005,7 @@
#endif
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
- if( aes_padlock_ace )
+ if( aes_padlock_ace > 0)
{
if( mbedtls_padlock_xcryptecb( ctx, mode, input, output ) == 0 )
return( 0 );
@@ -1047,7 +1047,7 @@
return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
- if( aes_padlock_ace )
+ if( aes_padlock_ace > 0 )
{
if( mbedtls_padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 )
return( 0 );
diff --git a/library/bignum.c b/library/bignum.c
index c20c6b7..c49d63e 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -181,6 +181,27 @@
return( 0 );
}
+/* Resize X to have exactly n limbs and set it to 0. */
+static int mbedtls_mpi_resize_clear( mbedtls_mpi *X, size_t limbs )
+{
+ if( limbs == 0 )
+ {
+ mbedtls_mpi_free( X );
+ return( 0 );
+ }
+ else if( X->n == limbs )
+ {
+ memset( X->p, 0, limbs * ciL );
+ X->s = 1;
+ return( 0 );
+ }
+ else
+ {
+ mbedtls_mpi_free( X );
+ return( mbedtls_mpi_grow( X, limbs ) );
+ }
+}
+
/*
* Copy the contents of Y into X
*/
@@ -838,14 +859,7 @@
size_t const limbs = CHARS_TO_LIMBS( buflen );
/* Ensure that target MPI has exactly the necessary number of limbs */
- if( X->n != limbs )
- {
- mbedtls_mpi_free( X );
- mbedtls_mpi_init( X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );
- }
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) );
for( i = 0; i < buflen; i++ )
X->p[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3);
@@ -874,17 +888,11 @@
MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
/* Ensure that target MPI has exactly the necessary number of limbs */
- if( X->n != limbs )
- {
- mbedtls_mpi_free( X );
- mbedtls_mpi_init( X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );
- }
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) );
- /* Avoid calling `memcpy` with NULL source argument,
+ /* Avoid calling `memcpy` with NULL source or destination argument,
* even if buflen is 0. */
- if( buf != NULL )
+ if( buflen != 0 )
{
Xp = (unsigned char*) X->p;
memcpy( Xp + overhead, buf, buflen );
@@ -2395,6 +2403,33 @@
return( ret );
}
+/* Fill X with n_bytes random bytes.
+ * X must already have room for those bytes.
+ * The ordering of the bytes returned from the RNG is suitable for
+ * deterministic ECDSA (see RFC 6979 §3.3 and mbedtls_mpi_random()).
+ * The size and sign of X are unchanged.
+ * n_bytes must not be 0.
+ */
+static int mpi_fill_random_internal(
+ mbedtls_mpi *X, size_t n_bytes,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ const size_t limbs = CHARS_TO_LIMBS( n_bytes );
+ const size_t overhead = ( limbs * ciL ) - n_bytes;
+
+ if( X->n < limbs )
+ return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
+ memset( X->p, 0, overhead );
+ memset( (unsigned char *) X->p + limbs * ciL, 0, ( X->n - limbs ) * ciL );
+ MBEDTLS_MPI_CHK( f_rng( p_rng, (unsigned char *) X->p + overhead, n_bytes ) );
+ mpi_bigendian_to_host( X->p, limbs );
+
+cleanup:
+ return( ret );
+}
+
/*
* Fill X with size bytes of random.
*
@@ -2408,25 +2443,84 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t const limbs = CHARS_TO_LIMBS( size );
- size_t const overhead = ( limbs * ciL ) - size;
- unsigned char *Xp;
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( f_rng != NULL );
/* Ensure that target MPI has exactly the necessary number of limbs */
- if( X->n != limbs )
+ MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) );
+ if( size == 0 )
+ return( 0 );
+
+ ret = mpi_fill_random_internal( X, size, f_rng, p_rng );
+
+cleanup:
+ return( ret );
+}
+
+int mbedtls_mpi_random( mbedtls_mpi *X,
+ mbedtls_mpi_sint min,
+ const mbedtls_mpi *N,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ int count;
+ unsigned cmp = 0;
+ size_t n_bits = mbedtls_mpi_bitlen( N );
+ size_t n_bytes = ( n_bits + 7 ) / 8;
+
+ if( min < 0 )
+ return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ if( mbedtls_mpi_cmp_int( N, min ) <= 0 )
+ return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
+ /*
+ * When min == 0, each try has at worst a probability 1/2 of failing
+ * (the msb has a probability 1/2 of being 0, and then the result will
+ * be < N), so after 30 tries failure probability is a most 2**(-30).
+ *
+ * When N is just below a power of 2, as is the case when generating
+ * a random scalar on most elliptic curves, 1 try is enough with
+ * overwhelming probability. When N is just above a power of 2,
+ * as when generating a random scalar on secp224k1, each try has
+ * a probability of failing that is almost 1/2.
+ *
+ * The probabilities are almost the same if min is nonzero but negligible
+ * compared to N. This is always the case when N is crypto-sized, but
+ * it's convenient to support small N for testing purposes. When N
+ * is small, use a higher repeat count, otherwise the probability of
+ * failure is macroscopic.
+ */
+ count = ( n_bytes > 4 ? 30 : 250 );
+
+ /* Ensure that target MPI has exactly the same number of limbs
+ * as the upper bound, even if the upper bound has leading zeros.
+ * This is necessary for the mbedtls_mpi_lt_mpi_ct() check. */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, N->n ) );
+
+ /*
+ * Match the procedure given in RFC 6979 §3.3 (deterministic ECDSA)
+ * when f_rng is a suitably parametrized instance of HMAC_DRBG:
+ * - use the same byte ordering;
+ * - keep the leftmost n_bits bits of the generated octet string;
+ * - try until result is in the desired range.
+ * This also avoids any bias, which is especially important for ECDSA.
+ */
+ do
{
- mbedtls_mpi_free( X );
- mbedtls_mpi_init( X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );
+ MBEDTLS_MPI_CHK( mpi_fill_random_internal( X, n_bytes, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, 8 * n_bytes - n_bits ) );
+
+ if( --count == 0 )
+ {
+ ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+ goto cleanup;
+ }
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( X, N, &cmp ) );
}
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
-
- Xp = (unsigned char*) X->p;
- MBEDTLS_MPI_CHK( f_rng( p_rng, Xp + overhead, size ) );
-
- mpi_bigendian_to_host( X->p, limbs );
+ while( mbedtls_mpi_cmp_int( X, min ) < 0 || cmp != 1 );
cleanup:
return( ret );
diff --git a/library/common.h b/library/common.h
index 5845766..0f61f94 100644
--- a/library/common.h
+++ b/library/common.h
@@ -50,4 +50,11 @@
#define MBEDTLS_STATIC_TESTABLE static
#endif
+/** Allow library to access its structs' private members.
+ *
+ * Although structs defined in header files are publicly available,
+ * their members are private and should not be accessed by the user.
+ */
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#endif /* MBEDTLS_LIBRARY_COMMON_H */
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 602ec69..b664fb0 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -304,7 +304,7 @@
}
/* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2)
- * mbedtls_ctr_drbg_update_ret(ctx, additional, add_len)
+ * mbedtls_ctr_drbg_update(ctx, additional, add_len)
* implements
* CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string,
* security_strength) -> initial_working_state
@@ -315,7 +315,7 @@
* and with outputs
* ctx = initial_working_state
*/
-int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
+int mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional,
size_t add_len )
{
@@ -657,7 +657,7 @@
fclose( f );
f = NULL;
- ret = mbedtls_ctr_drbg_update_ret( ctx, buf, n );
+ ret = mbedtls_ctr_drbg_update( ctx, buf, n );
exit:
mbedtls_platform_zeroize( buf, sizeof( buf ) );
diff --git a/library/dhm.c b/library/dhm.c
index 9758af7..e88f3a2 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -100,22 +100,21 @@
*/
static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
{
- mbedtls_mpi L, U;
+ mbedtls_mpi U;
int ret = 0;
- mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U );
+ mbedtls_mpi_init( &U );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) );
- if( mbedtls_mpi_cmp_mpi( param, &L ) < 0 ||
+ if( mbedtls_mpi_cmp_int( param, 2 ) < 0 ||
mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
{
ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
cleanup:
- mbedtls_mpi_free( &L ); mbedtls_mpi_free( &U );
+ mbedtls_mpi_free( &U );
return( ret );
}
@@ -125,6 +124,47 @@
memset( ctx, 0, sizeof( mbedtls_dhm_context ) );
}
+size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx )
+{
+ return( mbedtls_mpi_bitlen( &ctx->P ) );
+}
+
+size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx )
+{
+ return( mbedtls_mpi_size( &ctx->P ) );
+}
+
+int mbedtls_dhm_get_value( const mbedtls_dhm_context *ctx,
+ mbedtls_dhm_parameter param,
+ mbedtls_mpi *dest )
+{
+ const mbedtls_mpi *src = NULL;
+ switch( param )
+ {
+ case MBEDTLS_DHM_PARAM_P:
+ src = &ctx->P;
+ break;
+ case MBEDTLS_DHM_PARAM_G:
+ src = &ctx->G;
+ break;
+ case MBEDTLS_DHM_PARAM_X:
+ src = &ctx->X;
+ break;
+ case MBEDTLS_DHM_PARAM_GX:
+ src = &ctx->GX;
+ break;
+ case MBEDTLS_DHM_PARAM_GY:
+ src = &ctx->GY;
+ break;
+ case MBEDTLS_DHM_PARAM_K:
+ src = &ctx->K;
+ break;
+ default:
+ return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+ }
+ return( mbedtls_mpi_copy( dest, src ) );
+}
+
/*
* Parse the ServerKeyExchange parameters
*/
@@ -145,44 +185,48 @@
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
return( ret );
- ctx->len = mbedtls_mpi_size( &ctx->P );
-
return( 0 );
}
/*
- * Setup and write the ServerKeyExchange parameters
+ * Pick a random R in the range [2, M-2] for blinding or key generation.
*/
-int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
- unsigned char *output, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- int ret, count = 0;
- size_t n1, n2, n3;
- unsigned char *p;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( output != NULL );
- DHM_VALIDATE_RET( olen != NULL );
- DHM_VALIDATE_RET( f_rng != NULL );
+ int ret;
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_random( R, 3, M, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( R, R, 1 ) );
+
+cleanup:
+ return( ret );
+}
+
+static int dhm_make_common( mbedtls_dhm_context *ctx, int x_size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret = 0;
if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+ if( x_size < 0 )
+ return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
- /*
- * Generate X as large as possible ( < P )
- */
- do
+ if( (unsigned) x_size < mbedtls_mpi_size( &ctx->P ) )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
-
- while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) );
-
- if( count++ > 10 )
- return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED );
}
- while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
+ else
+ {
+ /* Generate X as large as possible ( <= P - 2 ) */
+ ret = dhm_random_below( &ctx->X, &ctx->P, f_rng, p_rng );
+ if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+ return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED );
+ if( ret != 0 )
+ return( ret );
+ }
/*
* Calculate GX = G^X mod P
@@ -193,8 +237,33 @@
if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
return( ret );
+cleanup:
+ return( ret );
+}
+
+/*
+ * Setup and write the ServerKeyExchange parameters
+ */
+int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
+ unsigned char *output, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret;
+ size_t n1, n2, n3;
+ unsigned char *p;
+ DHM_VALIDATE_RET( ctx != NULL );
+ DHM_VALIDATE_RET( output != NULL );
+ DHM_VALIDATE_RET( olen != NULL );
+ DHM_VALIDATE_RET( f_rng != NULL );
+
+ ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
+ if( ret != 0 )
+ goto cleanup;
+
/*
- * export P, G, GX
+ * Export P, G, GX. RFC 5246 §4.4 states that "leading zero octets are
+ * not required". We omit leading zeros for compactness.
*/
#define DHM_MPI_EXPORT( X, n ) \
do { \
@@ -217,14 +286,10 @@
*olen = p - output;
- ctx->len = n1;
-
cleanup:
-
- if( ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret ) );
-
- return( 0 );
+ if( ret != 0 && ret > -128 )
+ ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret );
+ return( ret );
}
/*
@@ -245,7 +310,6 @@
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret ) );
}
- ctx->len = mbedtls_mpi_size( &ctx->P );
return( 0 );
}
@@ -259,7 +323,7 @@
DHM_VALIDATE_RET( ctx != NULL );
DHM_VALIDATE_RET( input != NULL );
- if( ilen < 1 || ilen > ctx->len )
+ if( ilen < 1 || ilen > mbedtls_dhm_get_len( ctx ) )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
@@ -276,70 +340,25 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- int ret, count = 0;
+ int ret;
DHM_VALIDATE_RET( ctx != NULL );
DHM_VALIDATE_RET( output != NULL );
DHM_VALIDATE_RET( f_rng != NULL );
- if( olen < 1 || olen > ctx->len )
+ if( olen < 1 || olen > mbedtls_dhm_get_len( ctx ) )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
- if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
- return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
- /*
- * generate X and calculate GX = G^X mod P
- */
- do
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
-
- while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) );
-
- if( count++ > 10 )
- return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED );
- }
- while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
- &ctx->P , &ctx->RP ) );
-
- if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
- return( ret );
+ ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
+ if( ret == MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED )
+ return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED );
+ if( ret != 0 )
+ goto cleanup;
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->GX, output, olen ) );
cleanup:
-
- if( ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, ret ) );
-
- return( 0 );
-}
-
-/*
- * Pick a random R in the range [2, M) for blinding purposes
- */
-static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
- int ret, count;
-
- count = 0;
- do
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( R, mbedtls_mpi_size( M ), f_rng, p_rng ) );
-
- while( mbedtls_mpi_cmp_mpi( R, M ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( R, 1 ) );
-
- if( count++ > 10 )
- return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
- }
- while( mbedtls_mpi_cmp_int( R, 1 ) <= 0 );
-
-cleanup:
+ if( ret != 0 && ret > -128 )
+ ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, ret );
return( ret );
}
@@ -390,7 +409,7 @@
* We need to generate blinding values from scratch
*/
- /* Vi = random( 2, P-1 ) */
+ /* Vi = random( 2, P-2 ) */
MBEDTLS_MPI_CHK( dhm_random_below( &ctx->Vi, &ctx->P, f_rng, p_rng ) );
/* Vf = Vi^-X mod P
@@ -425,7 +444,7 @@
DHM_VALIDATE_RET( output != NULL );
DHM_VALIDATE_RET( olen != NULL );
- if( output_size < ctx->len )
+ if( output_size < mbedtls_dhm_get_len( ctx ) )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
@@ -454,8 +473,9 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
}
+ /* Output the secret without any leading zero byte. This is mandatory
+ * for TLS per RFC 5246 §8.1.2. */
*olen = mbedtls_mpi_size( &ctx->K );
-
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->K, output, *olen ) );
cleanup:
@@ -580,8 +600,6 @@
ret = 0;
- dhm->len = mbedtls_mpi_size( &dhm->P );
-
exit:
#if defined(MBEDTLS_PEM_PARSE_C)
mbedtls_pem_free( &pem );
diff --git a/library/ecjpake.c b/library/ecjpake.c
index 464ff51..de43ddb 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -128,6 +128,20 @@
return( ret );
}
+int mbedtls_ecjpake_set_point_format( mbedtls_ecjpake_context *ctx,
+ int point_format )
+{
+ switch( point_format )
+ {
+ case MBEDTLS_ECP_PF_UNCOMPRESSED:
+ case MBEDTLS_ECP_PF_COMPRESSED:
+ ctx->point_format = point_format;
+ return( 0 );
+ default:
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ }
+}
+
/*
* Check if context is ready for use
*/
diff --git a/library/ecp.c b/library/ecp.c
index 194e448..044bbe1 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -99,7 +99,7 @@
#define mbedtls_free free
#endif
-#include "ecp_alt.h"
+#include "ecp_internal_alt.h"
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
#if defined(MBEDTLS_HMAC_DRBG_C)
@@ -729,6 +729,18 @@
}
/*
+ * Check that the comb table (grp->T) is static initialized.
+ */
+static int ecp_group_is_static_comb_table( const mbedtls_ecp_group *grp ) {
+#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
+ return grp->T != NULL && grp->T_size == 0;
+#else
+ (void) grp;
+ return 0;
+#endif
+}
+
+/*
* Unallocate (the components of) a group
*/
void mbedtls_ecp_group_free( mbedtls_ecp_group *grp )
@@ -747,7 +759,7 @@
mbedtls_mpi_free( &grp->N );
}
- if( grp->T != NULL )
+ if( !ecp_group_is_static_comb_table(grp) && grp->T != NULL )
{
for( i = 0; i < grp->T_size; i++ )
mbedtls_ecp_point_free( &grp->T[i] );
@@ -1701,26 +1713,11 @@
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi l, ll;
- int count = 0;
- size_t p_size = ( grp->pbits + 7 ) / 8;
mbedtls_mpi_init( &l ); mbedtls_mpi_init( &ll );
/* Generate l such that 1 < l < p */
- do
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) );
-
- while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) );
-
- if( count++ > 10 )
- {
- ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
- goto cleanup;
- }
- }
- while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_random( &l, 2, &grp->P, f_rng, p_rng ) );
/* Z = l * Z */
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Z, &pt->Z, &l ) );
@@ -1736,6 +1733,8 @@
cleanup:
mbedtls_mpi_free( &l ); mbedtls_mpi_free( &ll );
+ if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+ ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
return( ret );
#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) */
}
@@ -2245,11 +2244,16 @@
w++;
/*
- * Make sure w is within bounds.
+ * If static comb table may not be used (!p_eq_g) or static comb table does
+ * not exists, make sure w is within bounds.
* (The last test is useful only for very small curves in the test suite.)
+ *
+ * The user reduces MBEDTLS_ECP_WINDOW_SIZE does not changes the size of
+ * static comb table, because the size of static comb table is fixed when
+ * it is generated.
*/
#if( MBEDTLS_ECP_WINDOW_SIZE < 6 )
- if( w > MBEDTLS_ECP_WINDOW_SIZE )
+ if( (!p_eq_g || !ecp_group_is_static_comb_table(grp)) && w > MBEDTLS_ECP_WINDOW_SIZE )
w = MBEDTLS_ECP_WINDOW_SIZE;
#endif
if( w >= grp->nbits )
@@ -2485,25 +2489,10 @@
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi l;
- int count = 0;
- size_t p_size = ( grp->pbits + 7 ) / 8;
mbedtls_mpi_init( &l );
/* Generate l such that 1 < l < p */
- do
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) );
-
- while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) );
-
- if( count++ > 10 )
- {
- ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
- goto cleanup;
- }
- }
- while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_random( &l, 2, &grp->P, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &l ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->Z, &P->Z, &l ) );
@@ -2511,6 +2500,8 @@
cleanup:
mbedtls_mpi_free( &l );
+ if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+ ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
return( ret );
#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) */
}
@@ -3040,6 +3031,56 @@
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
+#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_gen_privkey_mx( size_t high_bit,
+ mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ size_t n_random_bytes = high_bit / 8 + 1;
+
+ /* [Curve25519] page 5 */
+ /* Generate a (high_bit+1)-bit random number by generating just enough
+ * random bytes, then shifting out extra bits from the top (necessary
+ * when (high_bit+1) is not a multiple of 8). */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_random_bytes,
+ f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_random_bytes - high_bit - 1 ) );
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, high_bit, 1 ) );
+
+ /* Make sure the last two bits are unset for Curve448, three bits for
+ Curve25519 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
+ if( high_bit == 254 )
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
+ }
+
+cleanup:
+ return( ret );
+}
+#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
+
+#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
+static int mbedtls_ecp_gen_privkey_sw(
+ const mbedtls_mpi *N, mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ int ret = mbedtls_mpi_random( d, 1, N, f_rng, p_rng );
+ switch( ret )
+ {
+ case MBEDTLS_ERR_MPI_NOT_ACCEPTABLE:
+ return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+ default:
+ return( ret );
+ }
+}
+#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
+
/*
* Generate a private key
*/
@@ -3048,89 +3089,21 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
- size_t n_size;
-
ECP_VALIDATE_RET( grp != NULL );
ECP_VALIDATE_RET( d != NULL );
ECP_VALIDATE_RET( f_rng != NULL );
- n_size = ( grp->nbits + 7 ) / 8;
-
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
- {
- /* [M225] page 5 */
- size_t b;
-
- do {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
- } while( mbedtls_mpi_bitlen( d ) == 0);
-
- /* Make sure the most significant bit is nbits */
- b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */
- if( b > grp->nbits )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, b - grp->nbits ) );
- else
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, grp->nbits, 1 ) );
-
- /* Make sure the last two bits are unset for Curve448, three bits for
- Curve25519 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
- if( grp->nbits == 254 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
- }
- }
+ return( mbedtls_ecp_gen_privkey_mx( grp->nbits, d, f_rng, p_rng ) );
#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
- {
- /* SEC1 3.2.1: Generate d such that 1 <= n < N */
- int count = 0;
- unsigned cmp = 0;
-
- /*
- * Match the procedure given in RFC 6979 (deterministic ECDSA):
- * - use the same byte ordering;
- * - keep the leftmost nbits bits of the generated octet string;
- * - try until result is in the desired range.
- * This also avoids any biais, which is especially important for ECDSA.
- */
- do
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_size - grp->nbits ) );
-
- /*
- * Each try has at worst a probability 1/2 of failing (the msb has
- * a probability 1/2 of being 0, and then the result will be < N),
- * so after 30 tries failure probability is a most 2**(-30).
- *
- * For most curves, 1 try is enough with overwhelming probability,
- * since N starts with a lot of 1s in binary, but some curves
- * such as secp224k1 are actually very close to the worst case.
- */
- if( ++count > 30 )
- {
- ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
- goto cleanup;
- }
-
- ret = mbedtls_mpi_lt_mpi_ct( d, &grp->N, &cmp );
- if( ret != 0 )
- {
- goto cleanup;
- }
- }
- while( mbedtls_mpi_cmp_int( d, 1 ) < 0 || cmp != 1 );
- }
+ return( mbedtls_ecp_gen_privkey_sw( &grp->N, d, f_rng, p_rng ) );
#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-cleanup:
- return( ret );
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
/*
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 165c315..9a32ac1 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -81,6 +81,33 @@
#endif /* bits in mbedtls_mpi_uint */
+#define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)}
+
+#define ECP_POINT_INIT_XY_Z0(x, y) { \
+ ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x),\
+ ECP_MPI_INIT(1, sizeof(y) / sizeof(mbedtls_mpi_uint), y), \
+ ECP_MPI_INIT(1, 0, NULL) }
+#define ECP_POINT_INIT_XY_Z1(x, y) { \
+ ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x),\
+ ECP_MPI_INIT(1, sizeof(y) / sizeof(mbedtls_mpi_uint), y), \
+ ECP_MPI_INIT(1, 1, mpi_one) }
+
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+/* For these curves, we build the group parameters dynamically. */
+#define ECP_LOAD_GROUP
+static mbedtls_mpi_uint mpi_one[] = {1};
+#endif
+
/*
* Note: the constants are in little-endian order
* to be directly usable in MPIs
@@ -115,6 +142,188 @@
BYTES_TO_T_UINT_8( 0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
+#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
+static const mbedtls_mpi_uint secp192r1_T_0_X[] = {
+ BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ),
+ BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ),
+ BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_0_Y[] = {
+ BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ),
+ BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ),
+ BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_1_X[] = {
+ BYTES_TO_T_UINT_8( 0x97, 0x9E, 0xE3, 0x60, 0x59, 0xD1, 0xC4, 0xC2 ),
+ BYTES_TO_T_UINT_8( 0x91, 0xBD, 0x22, 0xD7, 0x2D, 0x07, 0xBD, 0xB6 ),
+ BYTES_TO_T_UINT_8( 0x74, 0x2A, 0xCF, 0x33, 0xF0, 0xBE, 0xD1, 0xED ),
+};
+static const mbedtls_mpi_uint secp192r1_T_1_Y[] = {
+ BYTES_TO_T_UINT_8( 0x88, 0x71, 0x4B, 0xA8, 0xED, 0x7E, 0xC9, 0x1A ),
+ BYTES_TO_T_UINT_8( 0x8E, 0x2A, 0xF6, 0xDF, 0x0E, 0xE8, 0x4C, 0x0F ),
+ BYTES_TO_T_UINT_8( 0xC5, 0x35, 0xF7, 0x8A, 0xC3, 0xEC, 0xDE, 0x1E ),
+};
+static const mbedtls_mpi_uint secp192r1_T_2_X[] = {
+ BYTES_TO_T_UINT_8( 0x00, 0x67, 0xC2, 0x1D, 0x32, 0x8F, 0x10, 0xFB ),
+ BYTES_TO_T_UINT_8( 0xBB, 0x2D, 0x17, 0xF3, 0xE4, 0xFE, 0xD8, 0x13 ),
+ BYTES_TO_T_UINT_8( 0x55, 0x45, 0x10, 0x70, 0x2C, 0x3E, 0x52, 0x3E ),
+};
+static const mbedtls_mpi_uint secp192r1_T_2_Y[] = {
+ BYTES_TO_T_UINT_8( 0x61, 0xF1, 0x04, 0x5D, 0xEE, 0xD4, 0x56, 0xE6 ),
+ BYTES_TO_T_UINT_8( 0x78, 0xB7, 0x38, 0x27, 0x61, 0xAA, 0x81, 0x87 ),
+ BYTES_TO_T_UINT_8( 0x71, 0x37, 0xD7, 0x0E, 0x29, 0x0E, 0x11, 0x14 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_3_X[] = {
+ BYTES_TO_T_UINT_8( 0x1E, 0x35, 0x52, 0xC6, 0x31, 0xB7, 0x27, 0xF5 ),
+ BYTES_TO_T_UINT_8( 0x3D, 0xD4, 0x15, 0x98, 0x0F, 0xE7, 0xF3, 0x6A ),
+ BYTES_TO_T_UINT_8( 0xD3, 0x31, 0x70, 0x35, 0x09, 0xA0, 0x2B, 0xC2 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_3_Y[] = {
+ BYTES_TO_T_UINT_8( 0x21, 0x75, 0xA7, 0x4C, 0x88, 0xCF, 0x5B, 0xE4 ),
+ BYTES_TO_T_UINT_8( 0x17, 0x17, 0x48, 0x8D, 0xF2, 0xF0, 0x86, 0xED ),
+ BYTES_TO_T_UINT_8( 0x49, 0xCF, 0xFE, 0x6B, 0xB0, 0xA5, 0x06, 0xAB ),
+};
+static const mbedtls_mpi_uint secp192r1_T_4_X[] = {
+ BYTES_TO_T_UINT_8( 0x18, 0x6A, 0xDC, 0x9A, 0x6D, 0x7B, 0x47, 0x2E ),
+ BYTES_TO_T_UINT_8( 0x12, 0xFC, 0x51, 0x12, 0x62, 0x66, 0x0B, 0x59 ),
+ BYTES_TO_T_UINT_8( 0xCD, 0x40, 0x93, 0xA0, 0xB5, 0x5A, 0x58, 0xD7 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_4_Y[] = {
+ BYTES_TO_T_UINT_8( 0xEF, 0xCB, 0xAF, 0xDC, 0x0B, 0xA1, 0x26, 0xFB ),
+ BYTES_TO_T_UINT_8( 0xDA, 0x36, 0x9D, 0xA3, 0xD7, 0x3B, 0xAD, 0x39 ),
+ BYTES_TO_T_UINT_8( 0xB4, 0x3B, 0x05, 0x9A, 0xA8, 0xAA, 0x69, 0xB2 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_5_X[] = {
+ BYTES_TO_T_UINT_8( 0x6D, 0xD9, 0xD1, 0x4D, 0x4A, 0x6E, 0x96, 0x1E ),
+ BYTES_TO_T_UINT_8( 0x17, 0x66, 0x32, 0x39, 0xC6, 0x57, 0x7D, 0xE6 ),
+ BYTES_TO_T_UINT_8( 0x92, 0xA0, 0x36, 0xC2, 0x45, 0xF9, 0x00, 0x62 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_5_Y[] = {
+ BYTES_TO_T_UINT_8( 0xB4, 0xEF, 0x59, 0x46, 0xDC, 0x60, 0xD9, 0x8F ),
+ BYTES_TO_T_UINT_8( 0x24, 0xB0, 0xE9, 0x41, 0xA4, 0x87, 0x76, 0x89 ),
+ BYTES_TO_T_UINT_8( 0x13, 0xD4, 0x0E, 0xB2, 0xFA, 0x16, 0x56, 0xDC ),
+};
+static const mbedtls_mpi_uint secp192r1_T_6_X[] = {
+ BYTES_TO_T_UINT_8( 0x0A, 0x62, 0xD2, 0xB1, 0x34, 0xB2, 0xF1, 0x06 ),
+ BYTES_TO_T_UINT_8( 0xB2, 0xED, 0x55, 0xC5, 0x47, 0xB5, 0x07, 0x15 ),
+ BYTES_TO_T_UINT_8( 0x17, 0xF6, 0x2F, 0x94, 0xC3, 0xDD, 0x54, 0x2F ),
+};
+static const mbedtls_mpi_uint secp192r1_T_6_Y[] = {
+ BYTES_TO_T_UINT_8( 0xFD, 0xA6, 0xD4, 0x8C, 0xA9, 0xCE, 0x4D, 0x2E ),
+ BYTES_TO_T_UINT_8( 0xB9, 0x4B, 0x46, 0xCC, 0xB2, 0x55, 0xC8, 0xB2 ),
+ BYTES_TO_T_UINT_8( 0x3A, 0xAE, 0x31, 0xED, 0x89, 0x65, 0x59, 0x55 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_7_X[] = {
+ BYTES_TO_T_UINT_8( 0xCC, 0x0A, 0xD1, 0x1A, 0xC5, 0xF6, 0xEA, 0x43 ),
+ BYTES_TO_T_UINT_8( 0x0C, 0xFC, 0x0C, 0x1A, 0xFB, 0xA0, 0xC8, 0x70 ),
+ BYTES_TO_T_UINT_8( 0xEA, 0xFD, 0x53, 0x6F, 0x6D, 0xBF, 0xBA, 0xAF ),
+};
+static const mbedtls_mpi_uint secp192r1_T_7_Y[] = {
+ BYTES_TO_T_UINT_8( 0x2D, 0xB0, 0x7D, 0x83, 0x96, 0xE3, 0xCB, 0x9D ),
+ BYTES_TO_T_UINT_8( 0x6F, 0x6E, 0x55, 0x2C, 0x20, 0x53, 0x2F, 0x46 ),
+ BYTES_TO_T_UINT_8( 0xA6, 0x66, 0x00, 0x17, 0x08, 0xFE, 0xAC, 0x31 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_8_X[] = {
+ BYTES_TO_T_UINT_8( 0x09, 0x12, 0x97, 0x3A, 0xC7, 0x57, 0x45, 0xCD ),
+ BYTES_TO_T_UINT_8( 0x38, 0x25, 0x99, 0x00, 0xF6, 0x97, 0xB4, 0x64 ),
+ BYTES_TO_T_UINT_8( 0x9B, 0x74, 0xE6, 0xE6, 0xA3, 0xDF, 0x9C, 0xCC ),
+};
+static const mbedtls_mpi_uint secp192r1_T_8_Y[] = {
+ BYTES_TO_T_UINT_8( 0x32, 0xF4, 0x76, 0xD5, 0x5F, 0x2A, 0xFD, 0x85 ),
+ BYTES_TO_T_UINT_8( 0x62, 0x80, 0x7E, 0x3E, 0xE5, 0xE8, 0xD6, 0x63 ),
+ BYTES_TO_T_UINT_8( 0xE2, 0xAD, 0x1E, 0x70, 0x79, 0x3E, 0x3D, 0x83 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_9_X[] = {
+ BYTES_TO_T_UINT_8( 0x8E, 0x15, 0xBB, 0xB3, 0x42, 0x6A, 0xA1, 0x7C ),
+ BYTES_TO_T_UINT_8( 0x9B, 0x58, 0xCB, 0x43, 0x25, 0x00, 0x14, 0x68 ),
+ BYTES_TO_T_UINT_8( 0x06, 0x4E, 0x93, 0x11, 0xE0, 0x32, 0x54, 0x98 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_9_Y[] = {
+ BYTES_TO_T_UINT_8( 0xA7, 0x52, 0xA2, 0xB4, 0x57, 0x32, 0xB9, 0x11 ),
+ BYTES_TO_T_UINT_8( 0x7D, 0x43, 0xA1, 0xB1, 0xFB, 0x01, 0xE1, 0xE7 ),
+ BYTES_TO_T_UINT_8( 0xA6, 0xFB, 0x5A, 0x11, 0xB8, 0xC2, 0x03, 0xE5 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_10_X[] = {
+ BYTES_TO_T_UINT_8( 0x1C, 0x2B, 0x71, 0x26, 0x4E, 0x7C, 0xC5, 0x32 ),
+ BYTES_TO_T_UINT_8( 0x1F, 0xF5, 0xD3, 0xA8, 0xE4, 0x95, 0x48, 0x65 ),
+ BYTES_TO_T_UINT_8( 0x55, 0xAE, 0xD9, 0x5D, 0x9F, 0x6A, 0x22, 0xAD ),
+};
+static const mbedtls_mpi_uint secp192r1_T_10_Y[] = {
+ BYTES_TO_T_UINT_8( 0xD9, 0xCC, 0xA3, 0x4D, 0xA0, 0x1C, 0x34, 0xEF ),
+ BYTES_TO_T_UINT_8( 0xA3, 0x3C, 0x62, 0xF8, 0x5E, 0xA6, 0x58, 0x7D ),
+ BYTES_TO_T_UINT_8( 0x6D, 0x6E, 0x66, 0x8A, 0x3D, 0x17, 0xFF, 0x0F ),
+};
+static const mbedtls_mpi_uint secp192r1_T_11_X[] = {
+ BYTES_TO_T_UINT_8( 0xF7, 0xCD, 0xA8, 0xDD, 0xD1, 0x20, 0x5C, 0xEA ),
+ BYTES_TO_T_UINT_8( 0xBF, 0xFE, 0x17, 0xE2, 0xCF, 0xEA, 0x63, 0xDE ),
+ BYTES_TO_T_UINT_8( 0x74, 0x51, 0xC9, 0x16, 0xDE, 0xB4, 0xB2, 0xDD ),
+};
+static const mbedtls_mpi_uint secp192r1_T_11_Y[] = {
+ BYTES_TO_T_UINT_8( 0x59, 0xBE, 0x12, 0xD7, 0xA3, 0x0A, 0x50, 0x33 ),
+ BYTES_TO_T_UINT_8( 0x53, 0x87, 0xC5, 0x8A, 0x76, 0x57, 0x07, 0x60 ),
+ BYTES_TO_T_UINT_8( 0xE5, 0x1F, 0xC6, 0x1B, 0x66, 0xC4, 0x3D, 0x8A ),
+};
+static const mbedtls_mpi_uint secp192r1_T_12_X[] = {
+ BYTES_TO_T_UINT_8( 0x28, 0xA4, 0x85, 0x13, 0x8F, 0xA7, 0x35, 0x19 ),
+ BYTES_TO_T_UINT_8( 0x58, 0x0D, 0xFD, 0xFF, 0x1B, 0xD1, 0xD6, 0xEF ),
+ BYTES_TO_T_UINT_8( 0xBA, 0x7A, 0xD0, 0xC3, 0xB4, 0xEF, 0x39, 0x66 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_12_Y[] = {
+ BYTES_TO_T_UINT_8( 0x3A, 0xFE, 0xA5, 0x9C, 0x34, 0x30, 0x49, 0x40 ),
+ BYTES_TO_T_UINT_8( 0xDE, 0xC5, 0x39, 0x26, 0x06, 0xE3, 0x01, 0x17 ),
+ BYTES_TO_T_UINT_8( 0xE2, 0x2B, 0x66, 0xFC, 0x95, 0x5F, 0x35, 0xF7 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_13_X[] = {
+ BYTES_TO_T_UINT_8( 0x58, 0xCF, 0x54, 0x63, 0x99, 0x57, 0x05, 0x45 ),
+ BYTES_TO_T_UINT_8( 0x71, 0x6F, 0x00, 0x5F, 0x65, 0x08, 0x47, 0x98 ),
+ BYTES_TO_T_UINT_8( 0x62, 0x2A, 0x90, 0x6D, 0x67, 0xC6, 0xBC, 0x45 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_13_Y[] = {
+ BYTES_TO_T_UINT_8( 0x8A, 0x4D, 0x88, 0x0A, 0x35, 0x9E, 0x33, 0x9C ),
+ BYTES_TO_T_UINT_8( 0x7C, 0x17, 0x0C, 0xF8, 0xE1, 0x7A, 0x49, 0x02 ),
+ BYTES_TO_T_UINT_8( 0xA4, 0x44, 0x06, 0x8F, 0x0B, 0x70, 0x2F, 0x71 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_14_X[] = {
+ BYTES_TO_T_UINT_8( 0x85, 0x4B, 0xCB, 0xF9, 0x8E, 0x6A, 0xDA, 0x1B ),
+ BYTES_TO_T_UINT_8( 0x29, 0x43, 0xA1, 0x3F, 0xCE, 0x17, 0xD2, 0x32 ),
+ BYTES_TO_T_UINT_8( 0x5D, 0x0D, 0xD2, 0x6C, 0x82, 0x37, 0xE5, 0xFC ),
+};
+static const mbedtls_mpi_uint secp192r1_T_14_Y[] = {
+ BYTES_TO_T_UINT_8( 0x4A, 0x3C, 0xF4, 0x92, 0xB4, 0x8A, 0x95, 0x85 ),
+ BYTES_TO_T_UINT_8( 0x85, 0x96, 0xF1, 0x0A, 0x34, 0x2F, 0x74, 0x7E ),
+ BYTES_TO_T_UINT_8( 0x7B, 0xA1, 0xAA, 0xBA, 0x86, 0x77, 0x4F, 0xA2 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_15_X[] = {
+ BYTES_TO_T_UINT_8( 0xE5, 0x7F, 0xEF, 0x60, 0x50, 0x80, 0xD7, 0xD4 ),
+ BYTES_TO_T_UINT_8( 0x31, 0xAC, 0xC9, 0xFE, 0xEC, 0x0A, 0x1A, 0x9F ),
+ BYTES_TO_T_UINT_8( 0x6B, 0x2F, 0xBE, 0x91, 0xD7, 0xB7, 0x38, 0x48 ),
+};
+static const mbedtls_mpi_uint secp192r1_T_15_Y[] = {
+ BYTES_TO_T_UINT_8( 0xB1, 0xAE, 0x85, 0x98, 0xFE, 0x05, 0x7F, 0x9F ),
+ BYTES_TO_T_UINT_8( 0x91, 0xBE, 0xFD, 0x11, 0x31, 0x3D, 0x14, 0x13 ),
+ BYTES_TO_T_UINT_8( 0x59, 0x75, 0xE8, 0x30, 0x01, 0xCB, 0x9B, 0x1C ),
+};
+static const mbedtls_ecp_point secp192r1_T[16] = {
+ ECP_POINT_INIT_XY_Z1(secp192r1_T_0_X, secp192r1_T_0_Y),
+ ECP_POINT_INIT_XY_Z0(secp192r1_T_1_X, secp192r1_T_1_Y),
+ ECP_POINT_INIT_XY_Z0(secp192r1_T_2_X, secp192r1_T_2_Y),
+ ECP_POINT_INIT_XY_Z0(secp192r1_T_3_X, secp192r1_T_3_Y),
+ ECP_POINT_INIT_XY_Z0(secp192r1_T_4_X, secp192r1_T_4_Y),
+ ECP_POINT_INIT_XY_Z0(secp192r1_T_5_X, secp192r1_T_5_Y),
+ ECP_POINT_INIT_XY_Z0(secp192r1_T_6_X, secp192r1_T_6_Y),
+ ECP_POINT_INIT_XY_Z0(secp192r1_T_7_X, secp192r1_T_7_Y),
+ ECP_POINT_INIT_XY_Z0(secp192r1_T_8_X, secp192r1_T_8_Y),
+ ECP_POINT_INIT_XY_Z0(secp192r1_T_9_X, secp192r1_T_9_Y),
+ ECP_POINT_INIT_XY_Z0(secp192r1_T_10_X, secp192r1_T_10_Y),
+ ECP_POINT_INIT_XY_Z0(secp192r1_T_11_X, secp192r1_T_11_Y),
+ ECP_POINT_INIT_XY_Z0(secp192r1_T_12_X, secp192r1_T_12_Y),
+ ECP_POINT_INIT_XY_Z0(secp192r1_T_13_X, secp192r1_T_13_Y),
+ ECP_POINT_INIT_XY_Z0(secp192r1_T_14_X, secp192r1_T_14_Y),
+ ECP_POINT_INIT_XY_Z0(secp192r1_T_15_X, secp192r1_T_15_Y),
+};
+#else
+#define secp192r1_T NULL
+#endif
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
/*
@@ -151,6 +360,220 @@
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
};
+#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
+static const mbedtls_mpi_uint secp224r1_T_0_X[] = {
+ BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ),
+ BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ),
+ BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ),
+ BYTES_TO_T_UINT_8( 0xBD, 0x0C, 0x0E, 0xB7, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_0_Y[] = {
+ BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ),
+ BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ),
+ BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ),
+ BYTES_TO_T_UINT_8( 0x88, 0x63, 0x37, 0xBD, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_1_X[] = {
+ BYTES_TO_T_UINT_8( 0xE0, 0xF9, 0xB8, 0xD0, 0x3D, 0xD2, 0xD3, 0xFA ),
+ BYTES_TO_T_UINT_8( 0x1E, 0xFD, 0x99, 0x26, 0x19, 0xFE, 0x13, 0x6E ),
+ BYTES_TO_T_UINT_8( 0x1C, 0x0E, 0x4C, 0x48, 0x7C, 0xA2, 0x17, 0x01 ),
+ BYTES_TO_T_UINT_8( 0x3D, 0xA3, 0x13, 0x57, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_1_Y[] = {
+ BYTES_TO_T_UINT_8( 0x9F, 0x16, 0x5C, 0x8F, 0xAA, 0xED, 0x0F, 0x58 ),
+ BYTES_TO_T_UINT_8( 0xBF, 0xC5, 0x43, 0x34, 0x93, 0x05, 0x2A, 0x4C ),
+ BYTES_TO_T_UINT_8( 0xE4, 0xE3, 0x6C, 0xCA, 0xC6, 0x14, 0xC2, 0x25 ),
+ BYTES_TO_T_UINT_8( 0xD3, 0x43, 0x6C, 0xD7, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_2_X[] = {
+ BYTES_TO_T_UINT_8( 0xC3, 0x5A, 0x98, 0x1E, 0xC8, 0xA5, 0x42, 0xA3 ),
+ BYTES_TO_T_UINT_8( 0x98, 0x49, 0x56, 0x78, 0xF8, 0xEF, 0xED, 0x65 ),
+ BYTES_TO_T_UINT_8( 0x1B, 0xBB, 0x64, 0xB6, 0x4C, 0x54, 0x5F, 0xD1 ),
+ BYTES_TO_T_UINT_8( 0x2F, 0x0C, 0x33, 0xCC, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_2_Y[] = {
+ BYTES_TO_T_UINT_8( 0xFA, 0x79, 0xCB, 0x2E, 0x08, 0xFF, 0xD8, 0xE6 ),
+ BYTES_TO_T_UINT_8( 0x2E, 0x1F, 0xD4, 0xD7, 0x57, 0xE9, 0x39, 0x45 ),
+ BYTES_TO_T_UINT_8( 0xD8, 0xD6, 0x3B, 0x0A, 0x1C, 0x87, 0xB7, 0x6A ),
+ BYTES_TO_T_UINT_8( 0xEB, 0x30, 0xD8, 0x05, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_3_X[] = {
+ BYTES_TO_T_UINT_8( 0xAD, 0x79, 0x74, 0x9A, 0xE6, 0xBB, 0xC2, 0xC2 ),
+ BYTES_TO_T_UINT_8( 0xB4, 0x5B, 0xA6, 0x67, 0xC1, 0x91, 0xE7, 0x64 ),
+ BYTES_TO_T_UINT_8( 0xF0, 0xDF, 0x38, 0x82, 0x19, 0x2C, 0x4C, 0xCA ),
+ BYTES_TO_T_UINT_8( 0xD1, 0x2E, 0x39, 0xC5, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_3_Y[] = {
+ BYTES_TO_T_UINT_8( 0x99, 0x36, 0x78, 0x4E, 0xAE, 0x5B, 0x02, 0x76 ),
+ BYTES_TO_T_UINT_8( 0x14, 0xF6, 0x8B, 0xF8, 0xF4, 0x92, 0x6B, 0x42 ),
+ BYTES_TO_T_UINT_8( 0xBA, 0x4D, 0x71, 0x35, 0xE7, 0x0C, 0x2C, 0x98 ),
+ BYTES_TO_T_UINT_8( 0x9B, 0xA5, 0x1F, 0xAE, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_4_X[] = {
+ BYTES_TO_T_UINT_8( 0xAF, 0x1C, 0x4B, 0xDF, 0x5B, 0xF2, 0x51, 0xB7 ),
+ BYTES_TO_T_UINT_8( 0x05, 0x74, 0xB1, 0x5A, 0xC6, 0x0F, 0x0E, 0x61 ),
+ BYTES_TO_T_UINT_8( 0xE8, 0x24, 0x09, 0x62, 0xAF, 0xFC, 0xDB, 0x45 ),
+ BYTES_TO_T_UINT_8( 0x43, 0xE1, 0x80, 0x55, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_4_Y[] = {
+ BYTES_TO_T_UINT_8( 0x3C, 0x82, 0xFE, 0xAD, 0xC3, 0xE5, 0xCF, 0xD8 ),
+ BYTES_TO_T_UINT_8( 0x24, 0xA2, 0x62, 0x17, 0x76, 0xF0, 0x5A, 0xFA ),
+ BYTES_TO_T_UINT_8( 0x3E, 0xB8, 0xE5, 0xAC, 0xB7, 0x66, 0x38, 0xAA ),
+ BYTES_TO_T_UINT_8( 0x97, 0xFD, 0x86, 0x05, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_5_X[] = {
+ BYTES_TO_T_UINT_8( 0x59, 0xD3, 0x0C, 0x3C, 0xD1, 0x66, 0xB0, 0xF1 ),
+ BYTES_TO_T_UINT_8( 0xBC, 0x59, 0xB4, 0x8D, 0x90, 0x10, 0xB7, 0xA2 ),
+ BYTES_TO_T_UINT_8( 0x96, 0x47, 0x9B, 0xE6, 0x55, 0x8A, 0xE4, 0xEE ),
+ BYTES_TO_T_UINT_8( 0xB1, 0x49, 0xDB, 0x78, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_5_Y[] = {
+ BYTES_TO_T_UINT_8( 0x41, 0x97, 0xED, 0xDE, 0xFF, 0xB3, 0xDF, 0x48 ),
+ BYTES_TO_T_UINT_8( 0x10, 0xB9, 0x83, 0xB7, 0xEB, 0xBE, 0x40, 0x8D ),
+ BYTES_TO_T_UINT_8( 0xAF, 0xD3, 0xD3, 0xCD, 0x0E, 0x82, 0x79, 0x3D ),
+ BYTES_TO_T_UINT_8( 0x9B, 0x83, 0x1B, 0xF0, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_6_X[] = {
+ BYTES_TO_T_UINT_8( 0x3F, 0x22, 0xBB, 0x54, 0xD3, 0x31, 0x56, 0xFC ),
+ BYTES_TO_T_UINT_8( 0x80, 0x36, 0xE5, 0xE0, 0x89, 0x96, 0x8E, 0x71 ),
+ BYTES_TO_T_UINT_8( 0xE1, 0xEF, 0x0A, 0xED, 0xD0, 0x11, 0x4A, 0xFF ),
+ BYTES_TO_T_UINT_8( 0x15, 0x00, 0x57, 0x27, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_6_Y[] = {
+ BYTES_TO_T_UINT_8( 0x13, 0xCA, 0x3D, 0xF7, 0x64, 0x9B, 0x6E, 0x85 ),
+ BYTES_TO_T_UINT_8( 0x90, 0xE3, 0x70, 0x6B, 0x41, 0xD7, 0xED, 0x8F ),
+ BYTES_TO_T_UINT_8( 0x02, 0x44, 0x44, 0x80, 0xCE, 0x13, 0x37, 0x92 ),
+ BYTES_TO_T_UINT_8( 0x94, 0x73, 0x80, 0x79, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_7_X[] = {
+ BYTES_TO_T_UINT_8( 0xB7, 0x4D, 0x70, 0x7D, 0x31, 0x0F, 0x1C, 0x58 ),
+ BYTES_TO_T_UINT_8( 0x6D, 0x35, 0x88, 0x47, 0xC4, 0x24, 0x78, 0x3F ),
+ BYTES_TO_T_UINT_8( 0xBA, 0xF0, 0xCD, 0x91, 0x81, 0xB3, 0xDE, 0xB6 ),
+ BYTES_TO_T_UINT_8( 0x04, 0xCE, 0xC6, 0xF7, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_7_Y[] = {
+ BYTES_TO_T_UINT_8( 0xE9, 0x9C, 0x2D, 0xE8, 0xD2, 0x00, 0x8F, 0x10 ),
+ BYTES_TO_T_UINT_8( 0xD5, 0x5E, 0x7C, 0x0E, 0x0C, 0x6E, 0x58, 0x02 ),
+ BYTES_TO_T_UINT_8( 0xAE, 0x81, 0x21, 0xCE, 0x43, 0xF4, 0x24, 0x3D ),
+ BYTES_TO_T_UINT_8( 0x9E, 0xBC, 0xF0, 0xF4, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_8_X[] = {
+ BYTES_TO_T_UINT_8( 0xD6, 0x10, 0xC2, 0x74, 0x4A, 0x8F, 0x8A, 0xCF ),
+ BYTES_TO_T_UINT_8( 0x89, 0x67, 0xF4, 0x2B, 0x38, 0x2B, 0x35, 0x17 ),
+ BYTES_TO_T_UINT_8( 0xF5, 0xE7, 0x0C, 0xA9, 0xFA, 0x77, 0x5C, 0xBD ),
+ BYTES_TO_T_UINT_8( 0xE0, 0x33, 0x19, 0x2B, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_8_Y[] = {
+ BYTES_TO_T_UINT_8( 0xE7, 0x3E, 0x96, 0x22, 0x53, 0xE1, 0xE9, 0xBE ),
+ BYTES_TO_T_UINT_8( 0xE0, 0x13, 0xBC, 0xA1, 0x16, 0xEC, 0x01, 0x1A ),
+ BYTES_TO_T_UINT_8( 0x9A, 0x00, 0xC9, 0x7A, 0xC3, 0x73, 0xA5, 0x45 ),
+ BYTES_TO_T_UINT_8( 0xE1, 0xF4, 0x5E, 0xC1, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_9_X[] = {
+ BYTES_TO_T_UINT_8( 0xA8, 0x95, 0xD6, 0xD9, 0x32, 0x30, 0x2B, 0xD0 ),
+ BYTES_TO_T_UINT_8( 0x77, 0x42, 0x09, 0x05, 0x61, 0x2A, 0x7E, 0x82 ),
+ BYTES_TO_T_UINT_8( 0x73, 0x84, 0xA2, 0x05, 0x88, 0x64, 0x65, 0xF9 ),
+ BYTES_TO_T_UINT_8( 0x03, 0x2D, 0x90, 0xB3, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_9_Y[] = {
+ BYTES_TO_T_UINT_8( 0x0A, 0xE7, 0x2E, 0x85, 0x55, 0x80, 0x7C, 0x79 ),
+ BYTES_TO_T_UINT_8( 0x0F, 0xC1, 0xAC, 0x78, 0xB4, 0xAF, 0xFB, 0x6E ),
+ BYTES_TO_T_UINT_8( 0xD3, 0xC3, 0x28, 0x8E, 0x79, 0x18, 0x1F, 0x58 ),
+ BYTES_TO_T_UINT_8( 0x34, 0x46, 0xCF, 0x49, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_10_X[] = {
+ BYTES_TO_T_UINT_8( 0x63, 0x5F, 0xA8, 0x6C, 0x46, 0x83, 0x43, 0xFA ),
+ BYTES_TO_T_UINT_8( 0xFA, 0xA9, 0x93, 0x11, 0xB6, 0x07, 0x57, 0x74 ),
+ BYTES_TO_T_UINT_8( 0x77, 0x2A, 0x9D, 0x03, 0x89, 0x7E, 0xD7, 0x3C ),
+ BYTES_TO_T_UINT_8( 0x7B, 0x8C, 0x62, 0xCF, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_10_Y[] = {
+ BYTES_TO_T_UINT_8( 0x44, 0x2C, 0x13, 0x59, 0xCC, 0xFA, 0x84, 0x9E ),
+ BYTES_TO_T_UINT_8( 0x51, 0xB9, 0x48, 0xBC, 0x57, 0xC7, 0xB3, 0x7C ),
+ BYTES_TO_T_UINT_8( 0xFC, 0x0A, 0x38, 0x24, 0x2E, 0x3A, 0x28, 0x25 ),
+ BYTES_TO_T_UINT_8( 0xBC, 0x0A, 0x43, 0xB8, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_11_X[] = {
+ BYTES_TO_T_UINT_8( 0x59, 0x25, 0xAB, 0xC1, 0xEE, 0x70, 0x3C, 0xE1 ),
+ BYTES_TO_T_UINT_8( 0xF3, 0xDB, 0x45, 0x1D, 0x4A, 0x80, 0x75, 0x35 ),
+ BYTES_TO_T_UINT_8( 0xE8, 0x1F, 0x4D, 0x2D, 0x9A, 0x05, 0xF4, 0xCB ),
+ BYTES_TO_T_UINT_8( 0x6B, 0x10, 0xF0, 0x5A, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_11_Y[] = {
+ BYTES_TO_T_UINT_8( 0x35, 0x95, 0xE1, 0xDC, 0x15, 0x86, 0xC3, 0x7B ),
+ BYTES_TO_T_UINT_8( 0xEC, 0xDC, 0x27, 0xD1, 0x56, 0xA1, 0x14, 0x0D ),
+ BYTES_TO_T_UINT_8( 0x59, 0x0B, 0xD6, 0x77, 0x4E, 0x44, 0xA2, 0xF8 ),
+ BYTES_TO_T_UINT_8( 0x94, 0x42, 0x71, 0x1F, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_12_X[] = {
+ BYTES_TO_T_UINT_8( 0x30, 0x86, 0xB2, 0xB0, 0xC8, 0x2F, 0x7B, 0xFE ),
+ BYTES_TO_T_UINT_8( 0x96, 0xEF, 0xCB, 0xDB, 0xBC, 0x9E, 0x3B, 0xC5 ),
+ BYTES_TO_T_UINT_8( 0x1B, 0x03, 0x86, 0xDD, 0x5B, 0xF5, 0x8D, 0x46 ),
+ BYTES_TO_T_UINT_8( 0x58, 0x95, 0x79, 0xD6, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_12_Y[] = {
+ BYTES_TO_T_UINT_8( 0x84, 0x32, 0x14, 0xDA, 0x9B, 0x4F, 0x07, 0x39 ),
+ BYTES_TO_T_UINT_8( 0xB5, 0x3E, 0xFB, 0x06, 0xEE, 0xA7, 0x40, 0x40 ),
+ BYTES_TO_T_UINT_8( 0x76, 0x1F, 0xDF, 0x71, 0x61, 0xFD, 0x8B, 0xBE ),
+ BYTES_TO_T_UINT_8( 0x80, 0x8B, 0xAB, 0x8B, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_13_X[] = {
+ BYTES_TO_T_UINT_8( 0xC9, 0x34, 0xB3, 0xB4, 0xBC, 0x9F, 0xB0, 0x5E ),
+ BYTES_TO_T_UINT_8( 0xE6, 0x58, 0x48, 0xA8, 0x77, 0xBB, 0x13, 0x2F ),
+ BYTES_TO_T_UINT_8( 0x41, 0xC6, 0xF7, 0x34, 0xCC, 0x89, 0x21, 0x0A ),
+ BYTES_TO_T_UINT_8( 0xCA, 0x33, 0xDD, 0x1F, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_13_Y[] = {
+ BYTES_TO_T_UINT_8( 0xCC, 0x81, 0xEF, 0xA4, 0xF2, 0x10, 0x0B, 0xCD ),
+ BYTES_TO_T_UINT_8( 0x83, 0xF7, 0x6E, 0x72, 0x4A, 0xDF, 0xDD, 0xE8 ),
+ BYTES_TO_T_UINT_8( 0x67, 0x23, 0x0A, 0x53, 0x03, 0x16, 0x62, 0xD2 ),
+ BYTES_TO_T_UINT_8( 0x0B, 0x76, 0xFD, 0x3C, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_14_X[] = {
+ BYTES_TO_T_UINT_8( 0xCB, 0x14, 0xA1, 0xFA, 0xA0, 0x18, 0xBE, 0x07 ),
+ BYTES_TO_T_UINT_8( 0x03, 0x2A, 0xE1, 0xD7, 0xB0, 0x6C, 0xA0, 0xDE ),
+ BYTES_TO_T_UINT_8( 0xD1, 0xC0, 0xB0, 0xC6, 0x63, 0x24, 0xCD, 0x4E ),
+ BYTES_TO_T_UINT_8( 0x33, 0x38, 0x2C, 0xB1, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_14_Y[] = {
+ BYTES_TO_T_UINT_8( 0xEE, 0xCD, 0x7D, 0x20, 0x0C, 0xFE, 0xAC, 0xC3 ),
+ BYTES_TO_T_UINT_8( 0x09, 0x97, 0x9F, 0xA2, 0xB6, 0x45, 0xF7, 0x7B ),
+ BYTES_TO_T_UINT_8( 0xCA, 0x99, 0xF3, 0xD2, 0x20, 0x02, 0xEB, 0x04 ),
+ BYTES_TO_T_UINT_8( 0x43, 0x18, 0x5B, 0x7B, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_15_X[] = {
+ BYTES_TO_T_UINT_8( 0x2B, 0xDD, 0x77, 0x91, 0x60, 0xEA, 0xFD, 0xD3 ),
+ BYTES_TO_T_UINT_8( 0x7D, 0xD3, 0xB5, 0xD6, 0x90, 0x17, 0x0E, 0x1A ),
+ BYTES_TO_T_UINT_8( 0x00, 0xF4, 0x28, 0xC1, 0xF2, 0x53, 0xF6, 0x63 ),
+ BYTES_TO_T_UINT_8( 0x49, 0x58, 0xDC, 0x61, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224r1_T_15_Y[] = {
+ BYTES_TO_T_UINT_8( 0xA8, 0x20, 0x01, 0xFB, 0xF1, 0xBD, 0x5F, 0x45 ),
+ BYTES_TO_T_UINT_8( 0xD0, 0x7F, 0x06, 0xDA, 0x11, 0xCB, 0xBA, 0xA6 ),
+ BYTES_TO_T_UINT_8( 0xA7, 0x41, 0x00, 0xA4, 0x1B, 0x30, 0x33, 0x79 ),
+ BYTES_TO_T_UINT_8( 0xF4, 0xFF, 0x27, 0xCA, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_ecp_point secp224r1_T[16] = {
+ ECP_POINT_INIT_XY_Z1(secp224r1_T_0_X, secp224r1_T_0_Y),
+ ECP_POINT_INIT_XY_Z0(secp224r1_T_1_X, secp224r1_T_1_Y),
+ ECP_POINT_INIT_XY_Z0(secp224r1_T_2_X, secp224r1_T_2_Y),
+ ECP_POINT_INIT_XY_Z0(secp224r1_T_3_X, secp224r1_T_3_Y),
+ ECP_POINT_INIT_XY_Z0(secp224r1_T_4_X, secp224r1_T_4_Y),
+ ECP_POINT_INIT_XY_Z0(secp224r1_T_5_X, secp224r1_T_5_Y),
+ ECP_POINT_INIT_XY_Z0(secp224r1_T_6_X, secp224r1_T_6_Y),
+ ECP_POINT_INIT_XY_Z0(secp224r1_T_7_X, secp224r1_T_7_Y),
+ ECP_POINT_INIT_XY_Z0(secp224r1_T_8_X, secp224r1_T_8_Y),
+ ECP_POINT_INIT_XY_Z0(secp224r1_T_9_X, secp224r1_T_9_Y),
+ ECP_POINT_INIT_XY_Z0(secp224r1_T_10_X, secp224r1_T_10_Y),
+ ECP_POINT_INIT_XY_Z0(secp224r1_T_11_X, secp224r1_T_11_Y),
+ ECP_POINT_INIT_XY_Z0(secp224r1_T_12_X, secp224r1_T_12_Y),
+ ECP_POINT_INIT_XY_Z0(secp224r1_T_13_X, secp224r1_T_13_Y),
+ ECP_POINT_INIT_XY_Z0(secp224r1_T_14_X, secp224r1_T_14_Y),
+ ECP_POINT_INIT_XY_Z0(secp224r1_T_15_X, secp224r1_T_15_Y),
+};
+#else
+#define secp224r1_T NULL
+#endif
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
/*
@@ -187,6 +610,221 @@
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
};
+#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
+static const mbedtls_mpi_uint secp256r1_T_0_X[] = {
+ BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ),
+ BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ),
+ BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ),
+ BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ),
+};
+static const mbedtls_mpi_uint secp256r1_T_0_Y[] = {
+ BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ),
+ BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ),
+ BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ),
+ BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ),
+};
+static const mbedtls_mpi_uint secp256r1_T_1_X[] = {
+ BYTES_TO_T_UINT_8( 0x70, 0xC8, 0xBA, 0x04, 0xB7, 0x4B, 0xD2, 0xF7 ),
+ BYTES_TO_T_UINT_8( 0xAB, 0xC6, 0x23, 0x3A, 0xA0, 0x09, 0x3A, 0x59 ),
+ BYTES_TO_T_UINT_8( 0x1D, 0x9D, 0x4C, 0xF9, 0x58, 0x23, 0xCC, 0xDF ),
+ BYTES_TO_T_UINT_8( 0x02, 0xED, 0x7B, 0x29, 0x87, 0x0F, 0xFA, 0x3C ),
+};
+static const mbedtls_mpi_uint secp256r1_T_1_Y[] = {
+ BYTES_TO_T_UINT_8( 0x40, 0x69, 0xF2, 0x40, 0x0B, 0xA3, 0x98, 0xCE ),
+ BYTES_TO_T_UINT_8( 0xAF, 0xA8, 0x48, 0x02, 0x0D, 0x1C, 0x12, 0x62 ),
+ BYTES_TO_T_UINT_8( 0x9B, 0xAF, 0x09, 0x83, 0x80, 0xAA, 0x58, 0xA7 ),
+ BYTES_TO_T_UINT_8( 0xC6, 0x12, 0xBE, 0x70, 0x94, 0x76, 0xE3, 0xE4 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_2_X[] = {
+ BYTES_TO_T_UINT_8( 0x7D, 0x7D, 0xEF, 0x86, 0xFF, 0xE3, 0x37, 0xDD ),
+ BYTES_TO_T_UINT_8( 0xDB, 0x86, 0x8B, 0x08, 0x27, 0x7C, 0xD7, 0xF6 ),
+ BYTES_TO_T_UINT_8( 0x91, 0x54, 0x4C, 0x25, 0x4F, 0x9A, 0xFE, 0x28 ),
+ BYTES_TO_T_UINT_8( 0x5E, 0xFD, 0xF0, 0x6D, 0x37, 0x03, 0x69, 0xD6 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_2_Y[] = {
+ BYTES_TO_T_UINT_8( 0x96, 0xD5, 0xDA, 0xAD, 0x92, 0x49, 0xF0, 0x9F ),
+ BYTES_TO_T_UINT_8( 0xF9, 0x73, 0x43, 0x9E, 0xAF, 0xA7, 0xD1, 0xF3 ),
+ BYTES_TO_T_UINT_8( 0x67, 0x41, 0x07, 0xDF, 0x78, 0x95, 0x3E, 0xA1 ),
+ BYTES_TO_T_UINT_8( 0x22, 0x3D, 0xD1, 0xE6, 0x3C, 0xA5, 0xE2, 0x20 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_3_X[] = {
+ BYTES_TO_T_UINT_8( 0xBF, 0x6A, 0x5D, 0x52, 0x35, 0xD7, 0xBF, 0xAE ),
+ BYTES_TO_T_UINT_8( 0x5A, 0xA2, 0xBE, 0x96, 0xF4, 0xF8, 0x02, 0xC3 ),
+ BYTES_TO_T_UINT_8( 0xA4, 0x20, 0x49, 0x54, 0xEA, 0xB3, 0x82, 0xDB ),
+ BYTES_TO_T_UINT_8( 0x2E, 0xDB, 0xEA, 0x02, 0xD1, 0x75, 0x1C, 0x62 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_3_Y[] = {
+ BYTES_TO_T_UINT_8( 0xF0, 0x85, 0xF4, 0x9E, 0x4C, 0xDC, 0x39, 0x89 ),
+ BYTES_TO_T_UINT_8( 0x63, 0x6D, 0xC4, 0x57, 0xD8, 0x03, 0x5D, 0x22 ),
+ BYTES_TO_T_UINT_8( 0x70, 0x7F, 0x2D, 0x52, 0x6F, 0xC9, 0xDA, 0x4F ),
+ BYTES_TO_T_UINT_8( 0x9D, 0x64, 0xFA, 0xB4, 0xFE, 0xA4, 0xC4, 0xD7 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_4_X[] = {
+ BYTES_TO_T_UINT_8( 0x2A, 0x37, 0xB9, 0xC0, 0xAA, 0x59, 0xC6, 0x8B ),
+ BYTES_TO_T_UINT_8( 0x3F, 0x58, 0xD9, 0xED, 0x58, 0x99, 0x65, 0xF7 ),
+ BYTES_TO_T_UINT_8( 0x88, 0x7D, 0x26, 0x8C, 0x4A, 0xF9, 0x05, 0x9F ),
+ BYTES_TO_T_UINT_8( 0x9D, 0x73, 0x9A, 0xC9, 0xE7, 0x46, 0xDC, 0x00 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_4_Y[] = {
+ BYTES_TO_T_UINT_8( 0xF2, 0xD0, 0x55, 0xDF, 0x00, 0x0A, 0xF5, 0x4A ),
+ BYTES_TO_T_UINT_8( 0x6A, 0xBF, 0x56, 0x81, 0x2D, 0x20, 0xEB, 0xB5 ),
+ BYTES_TO_T_UINT_8( 0x11, 0xC1, 0x28, 0x52, 0xAB, 0xE3, 0xD1, 0x40 ),
+ BYTES_TO_T_UINT_8( 0x24, 0x34, 0x79, 0x45, 0x57, 0xA5, 0x12, 0x03 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_5_X[] = {
+ BYTES_TO_T_UINT_8( 0xEE, 0xCF, 0xB8, 0x7E, 0xF7, 0x92, 0x96, 0x8D ),
+ BYTES_TO_T_UINT_8( 0x3D, 0x01, 0x8C, 0x0D, 0x23, 0xF2, 0xE3, 0x05 ),
+ BYTES_TO_T_UINT_8( 0x59, 0x2E, 0xE3, 0x84, 0x52, 0x7A, 0x34, 0x76 ),
+ BYTES_TO_T_UINT_8( 0xE5, 0xA1, 0xB0, 0x15, 0x90, 0xE2, 0x53, 0x3C ),
+};
+static const mbedtls_mpi_uint secp256r1_T_5_Y[] = {
+ BYTES_TO_T_UINT_8( 0xD4, 0x98, 0xE7, 0xFA, 0xA5, 0x7D, 0x8B, 0x53 ),
+ BYTES_TO_T_UINT_8( 0x91, 0x35, 0xD2, 0x00, 0xD1, 0x1B, 0x9F, 0x1B ),
+ BYTES_TO_T_UINT_8( 0x3F, 0x69, 0x08, 0x9A, 0x72, 0xF0, 0xA9, 0x11 ),
+ BYTES_TO_T_UINT_8( 0xB3, 0xFE, 0x0E, 0x14, 0xDA, 0x7C, 0x0E, 0xD3 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_6_X[] = {
+ BYTES_TO_T_UINT_8( 0x83, 0xF6, 0xE8, 0xF8, 0x87, 0xF7, 0xFC, 0x6D ),
+ BYTES_TO_T_UINT_8( 0x90, 0xBE, 0x7F, 0x3F, 0x7A, 0x2B, 0xD7, 0x13 ),
+ BYTES_TO_T_UINT_8( 0xCF, 0x32, 0xF2, 0x2D, 0x94, 0x6D, 0x42, 0xFD ),
+ BYTES_TO_T_UINT_8( 0xAD, 0x9A, 0xE3, 0x5F, 0x42, 0xBB, 0x84, 0xED ),
+};
+static const mbedtls_mpi_uint secp256r1_T_6_Y[] = {
+ BYTES_TO_T_UINT_8( 0xFC, 0x95, 0x29, 0x73, 0xA1, 0x67, 0x3E, 0x02 ),
+ BYTES_TO_T_UINT_8( 0xE3, 0x30, 0x54, 0x35, 0x8E, 0x0A, 0xDD, 0x67 ),
+ BYTES_TO_T_UINT_8( 0x03, 0xD7, 0xA1, 0x97, 0x61, 0x3B, 0xF8, 0x0C ),
+ BYTES_TO_T_UINT_8( 0xF2, 0x33, 0x3C, 0x58, 0x55, 0x34, 0x23, 0xA3 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_7_X[] = {
+ BYTES_TO_T_UINT_8( 0x99, 0x5D, 0x16, 0x5F, 0x7B, 0xBC, 0xBB, 0xCE ),
+ BYTES_TO_T_UINT_8( 0x61, 0xEE, 0x4E, 0x8A, 0xC1, 0x51, 0xCC, 0x50 ),
+ BYTES_TO_T_UINT_8( 0x1F, 0x0D, 0x4D, 0x1B, 0x53, 0x23, 0x1D, 0xB3 ),
+ BYTES_TO_T_UINT_8( 0xDA, 0x2A, 0x38, 0x66, 0x52, 0x84, 0xE1, 0x95 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_7_Y[] = {
+ BYTES_TO_T_UINT_8( 0x5B, 0x9B, 0x83, 0x0A, 0x81, 0x4F, 0xAD, 0xAC ),
+ BYTES_TO_T_UINT_8( 0x0F, 0xFF, 0x42, 0x41, 0x6E, 0xA9, 0xA2, 0xA0 ),
+ BYTES_TO_T_UINT_8( 0x2F, 0xA1, 0x4F, 0x1F, 0x89, 0x82, 0xAA, 0x3E ),
+ BYTES_TO_T_UINT_8( 0xF3, 0xB8, 0x0F, 0x6B, 0x8F, 0x8C, 0xD6, 0x68 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_8_X[] = {
+ BYTES_TO_T_UINT_8( 0xF1, 0xB3, 0xBB, 0x51, 0x69, 0xA2, 0x11, 0x93 ),
+ BYTES_TO_T_UINT_8( 0x65, 0x4F, 0x0F, 0x8D, 0xBD, 0x26, 0x0F, 0xE8 ),
+ BYTES_TO_T_UINT_8( 0xB9, 0xCB, 0xEC, 0x6B, 0x34, 0xC3, 0x3D, 0x9D ),
+ BYTES_TO_T_UINT_8( 0xE4, 0x5D, 0x1E, 0x10, 0xD5, 0x44, 0xE2, 0x54 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_8_Y[] = {
+ BYTES_TO_T_UINT_8( 0x28, 0x9E, 0xB1, 0xF1, 0x6E, 0x4C, 0xAD, 0xB3 ),
+ BYTES_TO_T_UINT_8( 0xB7, 0xE3, 0xC2, 0x58, 0xC0, 0xFB, 0x34, 0x43 ),
+ BYTES_TO_T_UINT_8( 0x25, 0x9C, 0xDF, 0x35, 0x07, 0x41, 0xBD, 0x19 ),
+ BYTES_TO_T_UINT_8( 0xB6, 0x6E, 0x10, 0xEC, 0x0E, 0xEC, 0xBB, 0xD6 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_9_X[] = {
+ BYTES_TO_T_UINT_8( 0xC8, 0xCF, 0xEF, 0x3F, 0x83, 0x1A, 0x88, 0xE8 ),
+ BYTES_TO_T_UINT_8( 0x0B, 0x29, 0xB5, 0xB9, 0xE0, 0xC9, 0xA3, 0xAE ),
+ BYTES_TO_T_UINT_8( 0x88, 0x46, 0x1E, 0x77, 0xCD, 0x7E, 0xB3, 0x10 ),
+ BYTES_TO_T_UINT_8( 0xB6, 0x21, 0xD0, 0xD4, 0xA3, 0x16, 0x08, 0xEE ),
+};
+static const mbedtls_mpi_uint secp256r1_T_9_Y[] = {
+ BYTES_TO_T_UINT_8( 0xA1, 0xCA, 0xA8, 0xB3, 0xBF, 0x29, 0x99, 0x8E ),
+ BYTES_TO_T_UINT_8( 0xD1, 0xF2, 0x05, 0xC1, 0xCF, 0x5D, 0x91, 0x48 ),
+ BYTES_TO_T_UINT_8( 0x9F, 0x01, 0x49, 0xDB, 0x82, 0xDF, 0x5F, 0x3A ),
+ BYTES_TO_T_UINT_8( 0xE1, 0x06, 0x90, 0xAD, 0xE3, 0x38, 0xA4, 0xC4 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_10_X[] = {
+ BYTES_TO_T_UINT_8( 0xC9, 0xD2, 0x3A, 0xE8, 0x03, 0xC5, 0x6D, 0x5D ),
+ BYTES_TO_T_UINT_8( 0xBE, 0x35, 0xD0, 0xAE, 0x1D, 0x7A, 0x9F, 0xCA ),
+ BYTES_TO_T_UINT_8( 0x33, 0x1E, 0xD2, 0xCB, 0xAC, 0x88, 0x27, 0x55 ),
+ BYTES_TO_T_UINT_8( 0xF0, 0xB9, 0x9C, 0xE0, 0x31, 0xDD, 0x99, 0x86 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_10_Y[] = {
+ BYTES_TO_T_UINT_8( 0x61, 0xF9, 0x9B, 0x32, 0x96, 0x41, 0x58, 0x38 ),
+ BYTES_TO_T_UINT_8( 0xF9, 0x5A, 0x2A, 0xB8, 0x96, 0x0E, 0xB2, 0x4C ),
+ BYTES_TO_T_UINT_8( 0xC1, 0x78, 0x2C, 0xC7, 0x08, 0x99, 0x19, 0x24 ),
+ BYTES_TO_T_UINT_8( 0xB7, 0x59, 0x28, 0xE9, 0x84, 0x54, 0xE6, 0x16 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_11_X[] = {
+ BYTES_TO_T_UINT_8( 0xDD, 0x38, 0x30, 0xDB, 0x70, 0x2C, 0x0A, 0xA2 ),
+ BYTES_TO_T_UINT_8( 0x7C, 0x5C, 0x9D, 0xE9, 0xD5, 0x46, 0x0B, 0x5F ),
+ BYTES_TO_T_UINT_8( 0x83, 0x0B, 0x60, 0x4B, 0x37, 0x7D, 0xB9, 0xC9 ),
+ BYTES_TO_T_UINT_8( 0x5E, 0x24, 0xF3, 0x3D, 0x79, 0x7F, 0x6C, 0x18 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_11_Y[] = {
+ BYTES_TO_T_UINT_8( 0x7F, 0xE5, 0x1C, 0x4F, 0x60, 0x24, 0xF7, 0x2A ),
+ BYTES_TO_T_UINT_8( 0xED, 0xD8, 0xE2, 0x91, 0x7F, 0x89, 0x49, 0x92 ),
+ BYTES_TO_T_UINT_8( 0x97, 0xA7, 0x2E, 0x8D, 0x6A, 0xB3, 0x39, 0x81 ),
+ BYTES_TO_T_UINT_8( 0x13, 0x89, 0xB5, 0x9A, 0xB8, 0x8D, 0x42, 0x9C ),
+};
+static const mbedtls_mpi_uint secp256r1_T_12_X[] = {
+ BYTES_TO_T_UINT_8( 0x8D, 0x45, 0xE6, 0x4B, 0x3F, 0x4F, 0x1E, 0x1F ),
+ BYTES_TO_T_UINT_8( 0x47, 0x65, 0x5E, 0x59, 0x22, 0xCC, 0x72, 0x5F ),
+ BYTES_TO_T_UINT_8( 0xF1, 0x93, 0x1A, 0x27, 0x1E, 0x34, 0xC5, 0x5B ),
+ BYTES_TO_T_UINT_8( 0x63, 0xF2, 0xA5, 0x58, 0x5C, 0x15, 0x2E, 0xC6 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_12_Y[] = {
+ BYTES_TO_T_UINT_8( 0xF4, 0x7F, 0xBA, 0x58, 0x5A, 0x84, 0x6F, 0x5F ),
+ BYTES_TO_T_UINT_8( 0xAD, 0xA6, 0x36, 0x7E, 0xDC, 0xF7, 0xE1, 0x67 ),
+ BYTES_TO_T_UINT_8( 0x04, 0x4D, 0xAA, 0xEE, 0x57, 0x76, 0x3A, 0xD3 ),
+ BYTES_TO_T_UINT_8( 0x4E, 0x7E, 0x26, 0x18, 0x22, 0x23, 0x9F, 0xFF ),
+};
+static const mbedtls_mpi_uint secp256r1_T_13_X[] = {
+ BYTES_TO_T_UINT_8( 0x1D, 0x4C, 0x64, 0xC7, 0x55, 0x02, 0x3F, 0xE3 ),
+ BYTES_TO_T_UINT_8( 0xD8, 0x02, 0x90, 0xBB, 0xC3, 0xEC, 0x30, 0x40 ),
+ BYTES_TO_T_UINT_8( 0x9F, 0x6F, 0x64, 0xF4, 0x16, 0x69, 0x48, 0xA4 ),
+ BYTES_TO_T_UINT_8( 0xFA, 0x44, 0x9C, 0x95, 0x0C, 0x7D, 0x67, 0x5E ),
+};
+static const mbedtls_mpi_uint secp256r1_T_13_Y[] = {
+ BYTES_TO_T_UINT_8( 0x44, 0x91, 0x8B, 0xD8, 0xD0, 0xD7, 0xE7, 0xE2 ),
+ BYTES_TO_T_UINT_8( 0x1F, 0xF9, 0x48, 0x62, 0x6F, 0xA8, 0x93, 0x5D ),
+ BYTES_TO_T_UINT_8( 0xEA, 0x3A, 0x99, 0x02, 0xD5, 0x0B, 0x3D, 0xE3 ),
+ BYTES_TO_T_UINT_8( 0x1E, 0xD3, 0x00, 0x31, 0xE6, 0x0C, 0x9F, 0x44 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_14_X[] = {
+ BYTES_TO_T_UINT_8( 0x56, 0xB2, 0xAA, 0xFD, 0x88, 0x15, 0xDF, 0x52 ),
+ BYTES_TO_T_UINT_8( 0x4C, 0x35, 0x27, 0x31, 0x44, 0xCD, 0xC0, 0x68 ),
+ BYTES_TO_T_UINT_8( 0x53, 0xF8, 0x91, 0xA5, 0x71, 0x94, 0x84, 0x2A ),
+ BYTES_TO_T_UINT_8( 0x92, 0xCB, 0xD0, 0x93, 0xE9, 0x88, 0xDA, 0xE4 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_14_Y[] = {
+ BYTES_TO_T_UINT_8( 0x24, 0xC6, 0x39, 0x16, 0x5D, 0xA3, 0x1E, 0x6D ),
+ BYTES_TO_T_UINT_8( 0xBA, 0x07, 0x37, 0x26, 0x36, 0x2A, 0xFE, 0x60 ),
+ BYTES_TO_T_UINT_8( 0x51, 0xBC, 0xF3, 0xD0, 0xDE, 0x50, 0xFC, 0x97 ),
+ BYTES_TO_T_UINT_8( 0x80, 0x2E, 0x06, 0x10, 0x15, 0x4D, 0xFA, 0xF7 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_15_X[] = {
+ BYTES_TO_T_UINT_8( 0x27, 0x65, 0x69, 0x5B, 0x66, 0xA2, 0x75, 0x2E ),
+ BYTES_TO_T_UINT_8( 0x9C, 0x16, 0x00, 0x5A, 0xB0, 0x30, 0x25, 0x1A ),
+ BYTES_TO_T_UINT_8( 0x42, 0xFB, 0x86, 0x42, 0x80, 0xC1, 0xC4, 0x76 ),
+ BYTES_TO_T_UINT_8( 0x5B, 0x1D, 0x83, 0x8E, 0x94, 0x01, 0x5F, 0x82 ),
+};
+static const mbedtls_mpi_uint secp256r1_T_15_Y[] = {
+ BYTES_TO_T_UINT_8( 0x39, 0x37, 0x70, 0xEF, 0x1F, 0xA1, 0xF0, 0xDB ),
+ BYTES_TO_T_UINT_8( 0x6A, 0x10, 0x5B, 0xCE, 0xC4, 0x9B, 0x6F, 0x10 ),
+ BYTES_TO_T_UINT_8( 0x50, 0x11, 0x11, 0x24, 0x4F, 0x4C, 0x79, 0x61 ),
+ BYTES_TO_T_UINT_8( 0x17, 0x3A, 0x72, 0xBC, 0xFE, 0x72, 0x58, 0x43 ),
+};
+static const mbedtls_ecp_point secp256r1_T[16] = {
+ ECP_POINT_INIT_XY_Z1(secp256r1_T_0_X, secp256r1_T_0_Y),
+ ECP_POINT_INIT_XY_Z0(secp256r1_T_1_X, secp256r1_T_1_Y),
+ ECP_POINT_INIT_XY_Z0(secp256r1_T_2_X, secp256r1_T_2_Y),
+ ECP_POINT_INIT_XY_Z0(secp256r1_T_3_X, secp256r1_T_3_Y),
+ ECP_POINT_INIT_XY_Z0(secp256r1_T_4_X, secp256r1_T_4_Y),
+ ECP_POINT_INIT_XY_Z0(secp256r1_T_5_X, secp256r1_T_5_Y),
+ ECP_POINT_INIT_XY_Z0(secp256r1_T_6_X, secp256r1_T_6_Y),
+ ECP_POINT_INIT_XY_Z0(secp256r1_T_7_X, secp256r1_T_7_Y),
+ ECP_POINT_INIT_XY_Z0(secp256r1_T_8_X, secp256r1_T_8_Y),
+ ECP_POINT_INIT_XY_Z0(secp256r1_T_9_X, secp256r1_T_9_Y),
+ ECP_POINT_INIT_XY_Z0(secp256r1_T_10_X, secp256r1_T_10_Y),
+ ECP_POINT_INIT_XY_Z0(secp256r1_T_11_X, secp256r1_T_11_Y),
+ ECP_POINT_INIT_XY_Z0(secp256r1_T_12_X, secp256r1_T_12_Y),
+ ECP_POINT_INIT_XY_Z0(secp256r1_T_13_X, secp256r1_T_13_Y),
+ ECP_POINT_INIT_XY_Z0(secp256r1_T_14_X, secp256r1_T_14_Y),
+ ECP_POINT_INIT_XY_Z0(secp256r1_T_15_X, secp256r1_T_15_Y),
+};
+#else
+#define secp256r1_T NULL
+#endif
+
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
/*
@@ -233,6 +871,557 @@
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
+#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
+static const mbedtls_mpi_uint secp384r1_T_0_X[] = {
+ BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ),
+ BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ),
+ BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ),
+ BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ),
+ BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ),
+};
+static const mbedtls_mpi_uint secp384r1_T_0_Y[] = {
+ BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ),
+ BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ),
+ BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ),
+ BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ),
+ BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ),
+ BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_1_X[] = {
+ BYTES_TO_T_UINT_8( 0x46, 0x92, 0x00, 0x2C, 0x78, 0xDB, 0x1F, 0x37 ),
+ BYTES_TO_T_UINT_8( 0x17, 0xF3, 0xEB, 0xB7, 0x06, 0xF7, 0xB6, 0xBC ),
+ BYTES_TO_T_UINT_8( 0x3D, 0xBC, 0x2C, 0xCF, 0xD8, 0xED, 0x53, 0xE7 ),
+ BYTES_TO_T_UINT_8( 0x52, 0x75, 0x7B, 0xA3, 0xAB, 0xC3, 0x2C, 0x85 ),
+ BYTES_TO_T_UINT_8( 0xE5, 0x9D, 0x78, 0x41, 0xF6, 0x76, 0x84, 0xAC ),
+ BYTES_TO_T_UINT_8( 0x54, 0x56, 0xE8, 0x52, 0xB3, 0xCB, 0xA8, 0xBD ),
+};
+static const mbedtls_mpi_uint secp384r1_T_1_Y[] = {
+ BYTES_TO_T_UINT_8( 0x6D, 0xF2, 0xAE, 0xA4, 0xB6, 0x89, 0x1B, 0xDA ),
+ BYTES_TO_T_UINT_8( 0x01, 0x0F, 0xCE, 0x1C, 0x7C, 0xF6, 0x50, 0x4C ),
+ BYTES_TO_T_UINT_8( 0x4C, 0xEB, 0x90, 0xE6, 0x4D, 0xC7, 0xD4, 0x7A ),
+ BYTES_TO_T_UINT_8( 0xD1, 0x49, 0x2D, 0x8A, 0x01, 0x99, 0x60, 0x94 ),
+ BYTES_TO_T_UINT_8( 0x5F, 0x80, 0x9B, 0x9B, 0x6A, 0xB0, 0x07, 0xD9 ),
+ BYTES_TO_T_UINT_8( 0xC2, 0xA2, 0xEE, 0x59, 0xBE, 0x95, 0xBC, 0x23 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_2_X[] = {
+ BYTES_TO_T_UINT_8( 0xE6, 0x9D, 0x56, 0xAE, 0x59, 0xFB, 0x1F, 0x98 ),
+ BYTES_TO_T_UINT_8( 0xCF, 0xAC, 0x91, 0x80, 0x87, 0xA8, 0x6E, 0x58 ),
+ BYTES_TO_T_UINT_8( 0x30, 0x08, 0xA7, 0x08, 0x94, 0x32, 0xFC, 0x67 ),
+ BYTES_TO_T_UINT_8( 0x9F, 0x29, 0x9E, 0x84, 0xF4, 0xE5, 0x6E, 0x7E ),
+ BYTES_TO_T_UINT_8( 0x55, 0x21, 0xB9, 0x50, 0x24, 0xF8, 0x9C, 0xC7 ),
+ BYTES_TO_T_UINT_8( 0x34, 0x04, 0x01, 0xC2, 0xFB, 0x77, 0x3E, 0xDE ),
+};
+static const mbedtls_mpi_uint secp384r1_T_2_Y[] = {
+ BYTES_TO_T_UINT_8( 0x00, 0x38, 0xEE, 0xE3, 0xC7, 0x9D, 0xEC, 0xA6 ),
+ BYTES_TO_T_UINT_8( 0xB6, 0x88, 0xCF, 0x43, 0xFA, 0x92, 0x5E, 0x8E ),
+ BYTES_TO_T_UINT_8( 0xE9, 0xCA, 0x43, 0xF8, 0x3B, 0x49, 0x7E, 0x75 ),
+ BYTES_TO_T_UINT_8( 0x1C, 0xE7, 0xEB, 0x17, 0x45, 0x86, 0xC2, 0xE1 ),
+ BYTES_TO_T_UINT_8( 0x92, 0x69, 0x57, 0x32, 0xE0, 0x9C, 0xD1, 0x00 ),
+ BYTES_TO_T_UINT_8( 0xD9, 0x10, 0xB8, 0x4D, 0xB8, 0xF4, 0x0D, 0xE3 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_3_X[] = {
+ BYTES_TO_T_UINT_8( 0x60, 0xDC, 0x9A, 0xB2, 0x79, 0x39, 0x27, 0x16 ),
+ BYTES_TO_T_UINT_8( 0x4F, 0x71, 0xE4, 0x3B, 0x4D, 0x60, 0x0C, 0xA3 ),
+ BYTES_TO_T_UINT_8( 0x55, 0xBD, 0x19, 0x40, 0xFA, 0x19, 0x2A, 0x5A ),
+ BYTES_TO_T_UINT_8( 0x4D, 0xF8, 0x1E, 0x43, 0xA1, 0x50, 0x8D, 0xEF ),
+ BYTES_TO_T_UINT_8( 0xA3, 0x18, 0x7C, 0x41, 0xFA, 0x7C, 0x1B, 0x58 ),
+ BYTES_TO_T_UINT_8( 0x00, 0x59, 0x24, 0xC4, 0xE9, 0xB7, 0xD3, 0xAD ),
+};
+static const mbedtls_mpi_uint secp384r1_T_3_Y[] = {
+ BYTES_TO_T_UINT_8( 0xBB, 0x01, 0x3D, 0x63, 0x54, 0x45, 0x6F, 0xB7 ),
+ BYTES_TO_T_UINT_8( 0x7B, 0xB2, 0x19, 0xA3, 0x86, 0x1D, 0x42, 0x34 ),
+ BYTES_TO_T_UINT_8( 0x84, 0x02, 0x87, 0x18, 0x92, 0x52, 0x1A, 0x71 ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x18, 0xB1, 0x5D, 0x18, 0x1B, 0x37, 0xFE ),
+ BYTES_TO_T_UINT_8( 0xF4, 0x74, 0x61, 0xBA, 0x18, 0xAF, 0x40, 0x30 ),
+ BYTES_TO_T_UINT_8( 0xDA, 0x7D, 0x3C, 0x52, 0x0F, 0x07, 0xB0, 0x6F ),
+};
+static const mbedtls_mpi_uint secp384r1_T_4_X[] = {
+ BYTES_TO_T_UINT_8( 0x09, 0x39, 0x13, 0xAA, 0x60, 0x15, 0x99, 0x30 ),
+ BYTES_TO_T_UINT_8( 0x17, 0x00, 0xCB, 0xC6, 0xB1, 0xDB, 0x97, 0x90 ),
+ BYTES_TO_T_UINT_8( 0xE6, 0xFA, 0x60, 0xB8, 0x24, 0xE4, 0x7D, 0xD3 ),
+ BYTES_TO_T_UINT_8( 0xDD, 0x75, 0xB3, 0x70, 0xB2, 0x83, 0xB1, 0x9B ),
+ BYTES_TO_T_UINT_8( 0xA3, 0xE3, 0x6C, 0xCD, 0x33, 0x62, 0x7A, 0x56 ),
+ BYTES_TO_T_UINT_8( 0x88, 0x30, 0xDC, 0x0F, 0x9F, 0xBB, 0xB8, 0xAA ),
+};
+static const mbedtls_mpi_uint secp384r1_T_4_Y[] = {
+ BYTES_TO_T_UINT_8( 0xA6, 0xD5, 0x0A, 0x60, 0x81, 0xB9, 0xC5, 0x16 ),
+ BYTES_TO_T_UINT_8( 0x44, 0xAA, 0x2F, 0xD6, 0xF2, 0x73, 0xDF, 0xEB ),
+ BYTES_TO_T_UINT_8( 0xF3, 0x7B, 0x74, 0xC9, 0xB3, 0x5B, 0x95, 0x6D ),
+ BYTES_TO_T_UINT_8( 0xAC, 0x04, 0xEB, 0x15, 0xC8, 0x5F, 0x00, 0xF6 ),
+ BYTES_TO_T_UINT_8( 0xB5, 0x50, 0x20, 0x28, 0xD1, 0x01, 0xAF, 0xF0 ),
+ BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x4F, 0x31, 0x81, 0x2F, 0x94, 0x48 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_5_X[] = {
+ BYTES_TO_T_UINT_8( 0x46, 0x2F, 0xD8, 0xB6, 0x63, 0x7C, 0xE9, 0x50 ),
+ BYTES_TO_T_UINT_8( 0xD9, 0x8C, 0xB9, 0x14, 0xD9, 0x37, 0x63, 0xDE ),
+ BYTES_TO_T_UINT_8( 0x10, 0x02, 0xB8, 0x46, 0xAD, 0xCE, 0x7B, 0x38 ),
+ BYTES_TO_T_UINT_8( 0x82, 0x47, 0x2D, 0x66, 0xA7, 0xE9, 0x33, 0x23 ),
+ BYTES_TO_T_UINT_8( 0x92, 0xF9, 0x93, 0x94, 0xA8, 0x48, 0xB3, 0x4F ),
+ BYTES_TO_T_UINT_8( 0xE9, 0x4A, 0xAC, 0x51, 0x08, 0x72, 0x2F, 0x1A ),
+};
+static const mbedtls_mpi_uint secp384r1_T_5_Y[] = {
+ BYTES_TO_T_UINT_8( 0xDA, 0xAD, 0xA0, 0xF9, 0x81, 0xE1, 0x78, 0x97 ),
+ BYTES_TO_T_UINT_8( 0x3A, 0x9A, 0x63, 0xD8, 0xBA, 0x79, 0x1A, 0x17 ),
+ BYTES_TO_T_UINT_8( 0x34, 0x31, 0x7B, 0x7A, 0x5A, 0x5D, 0x7D, 0x2D ),
+ BYTES_TO_T_UINT_8( 0x83, 0x96, 0x12, 0x4B, 0x19, 0x09, 0xE0, 0xB7 ),
+ BYTES_TO_T_UINT_8( 0x55, 0x8A, 0x57, 0xEE, 0x4E, 0x6E, 0x7E, 0xEC ),
+ BYTES_TO_T_UINT_8( 0x11, 0x9D, 0x69, 0xDC, 0xB3, 0xDA, 0xD8, 0x08 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_6_X[] = {
+ BYTES_TO_T_UINT_8( 0x68, 0x49, 0x03, 0x03, 0x33, 0x6F, 0x28, 0x4A ),
+ BYTES_TO_T_UINT_8( 0x5D, 0xDB, 0xA7, 0x05, 0x8C, 0xF3, 0x4D, 0xFB ),
+ BYTES_TO_T_UINT_8( 0x8E, 0x92, 0xB1, 0xA8, 0xEC, 0x0D, 0x64, 0x3B ),
+ BYTES_TO_T_UINT_8( 0x4E, 0xFC, 0xFD, 0xD0, 0x4B, 0x88, 0x1B, 0x5D ),
+ BYTES_TO_T_UINT_8( 0x83, 0x9C, 0x51, 0x69, 0xCE, 0x71, 0x73, 0xF5 ),
+ BYTES_TO_T_UINT_8( 0xB8, 0x5A, 0x14, 0x23, 0x1A, 0x46, 0x63, 0x5F ),
+};
+static const mbedtls_mpi_uint secp384r1_T_6_Y[] = {
+ BYTES_TO_T_UINT_8( 0xBC, 0x4C, 0x70, 0x44, 0x18, 0xCD, 0xEF, 0xED ),
+ BYTES_TO_T_UINT_8( 0xC2, 0x49, 0xDD, 0x64, 0x7E, 0x7E, 0x4D, 0x92 ),
+ BYTES_TO_T_UINT_8( 0xA2, 0x32, 0x7C, 0x09, 0xD0, 0x3F, 0xD6, 0x2C ),
+ BYTES_TO_T_UINT_8( 0x6D, 0xE0, 0x4F, 0x65, 0x0C, 0x7A, 0x54, 0x3E ),
+ BYTES_TO_T_UINT_8( 0x16, 0xFA, 0xFB, 0x4A, 0xB4, 0x79, 0x5A, 0x8C ),
+ BYTES_TO_T_UINT_8( 0x04, 0x5D, 0x1B, 0x2B, 0xDA, 0xBC, 0x9A, 0x74 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_7_X[] = {
+ BYTES_TO_T_UINT_8( 0x51, 0xAC, 0x56, 0xF7, 0x5F, 0x51, 0x68, 0x0B ),
+ BYTES_TO_T_UINT_8( 0xC6, 0xE0, 0x1D, 0xBC, 0x13, 0x4E, 0xAC, 0x03 ),
+ BYTES_TO_T_UINT_8( 0xB7, 0xF5, 0xC5, 0xE6, 0xD2, 0x88, 0xBA, 0xCB ),
+ BYTES_TO_T_UINT_8( 0xFA, 0x0E, 0x28, 0x23, 0x58, 0x67, 0xFA, 0xEE ),
+ BYTES_TO_T_UINT_8( 0x9E, 0x80, 0x4B, 0xD8, 0xC4, 0xDF, 0x15, 0xE4 ),
+ BYTES_TO_T_UINT_8( 0xF1, 0x0E, 0x58, 0xE6, 0x2C, 0x59, 0xC2, 0x03 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_7_Y[] = {
+ BYTES_TO_T_UINT_8( 0x9B, 0x26, 0x27, 0x99, 0x16, 0x2B, 0x22, 0x0B ),
+ BYTES_TO_T_UINT_8( 0xBA, 0xF3, 0x8F, 0xC3, 0x2A, 0x9B, 0xFC, 0x38 ),
+ BYTES_TO_T_UINT_8( 0xFC, 0x2E, 0x83, 0x3D, 0xFE, 0x9E, 0x3C, 0x1B ),
+ BYTES_TO_T_UINT_8( 0x08, 0x57, 0xCD, 0x2D, 0xC1, 0x49, 0x38, 0xB5 ),
+ BYTES_TO_T_UINT_8( 0x95, 0x42, 0x8B, 0x33, 0x89, 0x1F, 0xEA, 0x01 ),
+ BYTES_TO_T_UINT_8( 0xAA, 0x1D, 0x13, 0xD7, 0x50, 0xBB, 0x3E, 0xEB ),
+};
+static const mbedtls_mpi_uint secp384r1_T_8_X[] = {
+ BYTES_TO_T_UINT_8( 0xD2, 0x9A, 0x52, 0xD2, 0x54, 0x7C, 0x97, 0xF2 ),
+ BYTES_TO_T_UINT_8( 0xE0, 0x33, 0x6E, 0xED, 0xD9, 0x87, 0x50, 0xC5 ),
+ BYTES_TO_T_UINT_8( 0x5A, 0x35, 0x7E, 0x16, 0x40, 0x15, 0x83, 0xB8 ),
+ BYTES_TO_T_UINT_8( 0x33, 0x2B, 0xA4, 0xAB, 0x03, 0x91, 0xEA, 0xFE ),
+ BYTES_TO_T_UINT_8( 0xC1, 0x47, 0x39, 0xEF, 0x05, 0x59, 0xD0, 0x90 ),
+ BYTES_TO_T_UINT_8( 0xBF, 0x24, 0x0D, 0x76, 0x11, 0x53, 0x08, 0xAF ),
+};
+static const mbedtls_mpi_uint secp384r1_T_8_Y[] = {
+ BYTES_TO_T_UINT_8( 0x1F, 0x2F, 0xDD, 0xBD, 0x50, 0x48, 0xB1, 0xE5 ),
+ BYTES_TO_T_UINT_8( 0x80, 0x1C, 0x84, 0x55, 0x78, 0x14, 0xEB, 0xF6 ),
+ BYTES_TO_T_UINT_8( 0xD9, 0x5E, 0x3E, 0xA6, 0xAF, 0xF6, 0xC7, 0x04 ),
+ BYTES_TO_T_UINT_8( 0xE7, 0x11, 0xE2, 0x65, 0xCA, 0x41, 0x95, 0x3B ),
+ BYTES_TO_T_UINT_8( 0xAE, 0x83, 0xD8, 0xE6, 0x4D, 0x22, 0x06, 0x2D ),
+ BYTES_TO_T_UINT_8( 0xFA, 0x7F, 0x25, 0x2A, 0xAA, 0x28, 0x46, 0x97 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_9_X[] = {
+ BYTES_TO_T_UINT_8( 0x79, 0xDB, 0x15, 0x56, 0x84, 0xCB, 0xC0, 0x56 ),
+ BYTES_TO_T_UINT_8( 0x56, 0xDB, 0x0E, 0x08, 0xC9, 0xF5, 0xD4, 0x9E ),
+ BYTES_TO_T_UINT_8( 0xE6, 0x62, 0xD0, 0x1A, 0x7C, 0x13, 0xD5, 0x07 ),
+ BYTES_TO_T_UINT_8( 0x7D, 0xAD, 0x53, 0xE0, 0x32, 0x21, 0xA0, 0xC0 ),
+ BYTES_TO_T_UINT_8( 0xC5, 0x38, 0x81, 0x21, 0x23, 0x0E, 0xD2, 0xBB ),
+ BYTES_TO_T_UINT_8( 0x1C, 0x51, 0x05, 0xD0, 0x1E, 0x82, 0xA9, 0x71 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_9_Y[] = {
+ BYTES_TO_T_UINT_8( 0xA7, 0xC3, 0x27, 0xBF, 0xC6, 0xAA, 0xB7, 0xB9 ),
+ BYTES_TO_T_UINT_8( 0xCB, 0x65, 0x45, 0xDF, 0xB9, 0x46, 0x17, 0x46 ),
+ BYTES_TO_T_UINT_8( 0xF5, 0x38, 0x3F, 0xB2, 0xB1, 0x5D, 0xCA, 0x1C ),
+ BYTES_TO_T_UINT_8( 0x88, 0x29, 0x6C, 0x63, 0xE9, 0xD7, 0x48, 0xB8 ),
+ BYTES_TO_T_UINT_8( 0xBC, 0xF1, 0xD7, 0x99, 0x8C, 0xC2, 0x05, 0x99 ),
+ BYTES_TO_T_UINT_8( 0x6D, 0xE6, 0x5E, 0x82, 0x6D, 0xE5, 0x7E, 0xD5 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_10_X[] = {
+ BYTES_TO_T_UINT_8( 0x7B, 0x61, 0xFA, 0x7D, 0x01, 0xDB, 0xB6, 0x63 ),
+ BYTES_TO_T_UINT_8( 0x11, 0xC6, 0x58, 0x39, 0xF4, 0xC6, 0x82, 0x23 ),
+ BYTES_TO_T_UINT_8( 0x47, 0x5A, 0x7A, 0x80, 0x08, 0xCD, 0xAA, 0xD8 ),
+ BYTES_TO_T_UINT_8( 0xDA, 0x8C, 0xC6, 0x3F, 0x3C, 0xA5, 0x68, 0xF4 ),
+ BYTES_TO_T_UINT_8( 0xBB, 0xF5, 0xD5, 0x17, 0xAE, 0x36, 0xD8, 0x8A ),
+ BYTES_TO_T_UINT_8( 0xC7, 0xAD, 0x92, 0xC5, 0x57, 0x6C, 0xDA, 0x91 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_10_Y[] = {
+ BYTES_TO_T_UINT_8( 0xE8, 0x67, 0x17, 0xC0, 0x40, 0x78, 0x8C, 0x84 ),
+ BYTES_TO_T_UINT_8( 0x7E, 0x9F, 0xF4, 0xAA, 0xDA, 0x5C, 0x7E, 0xB2 ),
+ BYTES_TO_T_UINT_8( 0x96, 0xDB, 0x42, 0x3E, 0x72, 0x64, 0xA0, 0x67 ),
+ BYTES_TO_T_UINT_8( 0x27, 0xF9, 0x41, 0x17, 0x43, 0xE3, 0xE8, 0xA8 ),
+ BYTES_TO_T_UINT_8( 0x66, 0xDD, 0xCC, 0x43, 0x7E, 0x16, 0x05, 0x03 ),
+ BYTES_TO_T_UINT_8( 0x36, 0x4B, 0xCF, 0x48, 0x8F, 0x41, 0x90, 0xE5 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_11_X[] = {
+ BYTES_TO_T_UINT_8( 0x98, 0x0C, 0x6B, 0x9D, 0x22, 0x04, 0xBC, 0x5C ),
+ BYTES_TO_T_UINT_8( 0x86, 0x63, 0x79, 0x2F, 0x6A, 0x0E, 0x8A, 0xDE ),
+ BYTES_TO_T_UINT_8( 0x29, 0x67, 0x3F, 0x02, 0xB8, 0x91, 0x7F, 0x74 ),
+ BYTES_TO_T_UINT_8( 0xFC, 0x14, 0x64, 0xA0, 0x33, 0xF4, 0x6B, 0x50 ),
+ BYTES_TO_T_UINT_8( 0x1C, 0x44, 0x71, 0x87, 0xB8, 0x88, 0x3F, 0x45 ),
+ BYTES_TO_T_UINT_8( 0x1B, 0x2B, 0x85, 0x05, 0xC5, 0x44, 0x53, 0x15 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_11_Y[] = {
+ BYTES_TO_T_UINT_8( 0x3E, 0x2B, 0xFE, 0xD1, 0x1C, 0x73, 0xE3, 0x2E ),
+ BYTES_TO_T_UINT_8( 0x66, 0x33, 0xA1, 0xD3, 0x69, 0x1C, 0x9D, 0xD2 ),
+ BYTES_TO_T_UINT_8( 0xE0, 0x5A, 0xBA, 0xB6, 0xAE, 0x1B, 0x94, 0x04 ),
+ BYTES_TO_T_UINT_8( 0xAF, 0x74, 0x90, 0x5C, 0x57, 0xB0, 0x3A, 0x45 ),
+ BYTES_TO_T_UINT_8( 0xDD, 0x2F, 0x93, 0x20, 0x24, 0x54, 0x1D, 0x8D ),
+ BYTES_TO_T_UINT_8( 0xFA, 0x78, 0x9D, 0x71, 0x67, 0x5D, 0x49, 0x98 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_12_X[] = {
+ BYTES_TO_T_UINT_8( 0x12, 0xC8, 0x0E, 0x11, 0x8D, 0xE0, 0x8F, 0x69 ),
+ BYTES_TO_T_UINT_8( 0x59, 0x7F, 0x79, 0x6C, 0x5F, 0xB7, 0xBC, 0xB1 ),
+ BYTES_TO_T_UINT_8( 0x88, 0xE1, 0x83, 0x3C, 0x12, 0xBB, 0xEE, 0x96 ),
+ BYTES_TO_T_UINT_8( 0x2A, 0xC2, 0xC4, 0x1B, 0x41, 0x71, 0xB9, 0x17 ),
+ BYTES_TO_T_UINT_8( 0xB0, 0xEE, 0xBB, 0x1D, 0x89, 0x50, 0x88, 0xF2 ),
+ BYTES_TO_T_UINT_8( 0xFC, 0x1C, 0x55, 0x74, 0xEB, 0xDE, 0x92, 0x3F ),
+};
+static const mbedtls_mpi_uint secp384r1_T_12_Y[] = {
+ BYTES_TO_T_UINT_8( 0x9C, 0x38, 0x92, 0x06, 0x19, 0xD0, 0xB3, 0xB2 ),
+ BYTES_TO_T_UINT_8( 0x2A, 0x99, 0x26, 0xA3, 0x5F, 0xE2, 0xC1, 0x81 ),
+ BYTES_TO_T_UINT_8( 0x75, 0xFC, 0xFD, 0xC3, 0xB6, 0x26, 0x24, 0x8F ),
+ BYTES_TO_T_UINT_8( 0xAF, 0xAD, 0xE7, 0x49, 0xB7, 0x64, 0x4B, 0x96 ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x4E, 0x95, 0xAD, 0x07, 0xFE, 0xB6, 0x30 ),
+ BYTES_TO_T_UINT_8( 0x4F, 0x15, 0xE7, 0x2D, 0x19, 0xA9, 0x08, 0x10 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_13_X[] = {
+ BYTES_TO_T_UINT_8( 0xBE, 0xBD, 0xAC, 0x0A, 0x3F, 0x6B, 0xFF, 0xFA ),
+ BYTES_TO_T_UINT_8( 0xE0, 0xE4, 0x74, 0x14, 0xD9, 0x70, 0x1D, 0x71 ),
+ BYTES_TO_T_UINT_8( 0xF2, 0xB0, 0x71, 0xBB, 0xD8, 0x18, 0x96, 0x2B ),
+ BYTES_TO_T_UINT_8( 0xDA, 0xB8, 0x19, 0x90, 0x80, 0xB5, 0xEE, 0x01 ),
+ BYTES_TO_T_UINT_8( 0x91, 0x21, 0x20, 0xA6, 0x17, 0x48, 0x03, 0x6F ),
+ BYTES_TO_T_UINT_8( 0xE3, 0x1D, 0xBB, 0x6D, 0x94, 0x20, 0x34, 0xF1 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_13_Y[] = {
+ BYTES_TO_T_UINT_8( 0x59, 0x82, 0x67, 0x4B, 0x8E, 0x4E, 0xBE, 0xE2 ),
+ BYTES_TO_T_UINT_8( 0xBE, 0xDA, 0x77, 0xF8, 0x23, 0x55, 0x2B, 0x2D ),
+ BYTES_TO_T_UINT_8( 0x5C, 0x02, 0xDE, 0x25, 0x35, 0x2D, 0x74, 0x51 ),
+ BYTES_TO_T_UINT_8( 0xD0, 0x0C, 0xB8, 0x0B, 0x39, 0xBA, 0xAD, 0x04 ),
+ BYTES_TO_T_UINT_8( 0xA6, 0x0E, 0x28, 0x4D, 0xE1, 0x3D, 0xE4, 0x1B ),
+ BYTES_TO_T_UINT_8( 0x5D, 0xEC, 0x0A, 0xD4, 0xB8, 0xC4, 0x8D, 0xB0 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_14_X[] = {
+ BYTES_TO_T_UINT_8( 0x3E, 0x68, 0xCE, 0xC2, 0x55, 0x4D, 0x0C, 0x6D ),
+ BYTES_TO_T_UINT_8( 0x9B, 0x20, 0x93, 0x32, 0x90, 0xD6, 0xAE, 0x47 ),
+ BYTES_TO_T_UINT_8( 0xDD, 0x78, 0xAB, 0x43, 0x9E, 0xEB, 0x73, 0xAE ),
+ BYTES_TO_T_UINT_8( 0xED, 0x97, 0xC3, 0x83, 0xA6, 0x3C, 0xF1, 0xBF ),
+ BYTES_TO_T_UINT_8( 0x0F, 0x25, 0x25, 0x66, 0x08, 0x26, 0xFA, 0x4B ),
+ BYTES_TO_T_UINT_8( 0x41, 0xFB, 0x44, 0x5D, 0x82, 0xEC, 0x3B, 0xAC ),
+};
+static const mbedtls_mpi_uint secp384r1_T_14_Y[] = {
+ BYTES_TO_T_UINT_8( 0x58, 0x90, 0xEA, 0xB5, 0x04, 0x99, 0xD0, 0x69 ),
+ BYTES_TO_T_UINT_8( 0x4A, 0xF2, 0x22, 0xA0, 0xEB, 0xFD, 0x45, 0x87 ),
+ BYTES_TO_T_UINT_8( 0x5D, 0xA4, 0x81, 0x32, 0xFC, 0xFA, 0xEE, 0x5B ),
+ BYTES_TO_T_UINT_8( 0x27, 0xBB, 0xA4, 0x6A, 0x77, 0x41, 0x5C, 0x1D ),
+ BYTES_TO_T_UINT_8( 0xA1, 0x1E, 0xAA, 0x4F, 0xF0, 0x10, 0xB3, 0x50 ),
+ BYTES_TO_T_UINT_8( 0x09, 0x74, 0x13, 0x14, 0x9E, 0x90, 0xD7, 0xE6 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_15_X[] = {
+ BYTES_TO_T_UINT_8( 0xDB, 0xBD, 0x70, 0x4F, 0xA8, 0xD1, 0x06, 0x2C ),
+ BYTES_TO_T_UINT_8( 0x19, 0x4E, 0x2E, 0x68, 0xFC, 0x35, 0xFA, 0x50 ),
+ BYTES_TO_T_UINT_8( 0x60, 0x53, 0x75, 0xED, 0xF2, 0x5F, 0xC2, 0xEB ),
+ BYTES_TO_T_UINT_8( 0x39, 0x87, 0x6B, 0x9F, 0x05, 0xE2, 0x22, 0x93 ),
+ BYTES_TO_T_UINT_8( 0x4F, 0x1A, 0xA8, 0xB7, 0x03, 0x9E, 0x6D, 0x7C ),
+ BYTES_TO_T_UINT_8( 0xCB, 0xD0, 0x69, 0x88, 0xA8, 0x39, 0x9E, 0x3A ),
+};
+static const mbedtls_mpi_uint secp384r1_T_15_Y[] = {
+ BYTES_TO_T_UINT_8( 0xF8, 0xEF, 0x68, 0xFE, 0xEC, 0x24, 0x08, 0x15 ),
+ BYTES_TO_T_UINT_8( 0xA1, 0x06, 0x4B, 0x92, 0x0D, 0xB7, 0x34, 0x74 ),
+ BYTES_TO_T_UINT_8( 0x3E, 0xF4, 0xDD, 0x1A, 0xA0, 0x4A, 0xE4, 0x45 ),
+ BYTES_TO_T_UINT_8( 0xC3, 0x63, 0x4F, 0x4F, 0xCE, 0xBB, 0xD6, 0xD3 ),
+ BYTES_TO_T_UINT_8( 0xCD, 0xEE, 0x8D, 0xDF, 0x3F, 0x73, 0xB7, 0xAC ),
+ BYTES_TO_T_UINT_8( 0xDF, 0x06, 0xB6, 0x80, 0x4D, 0x81, 0xD9, 0x53 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_16_X[] = {
+ BYTES_TO_T_UINT_8( 0x15, 0xF5, 0x13, 0xDF, 0x13, 0x19, 0x97, 0x94 ),
+ BYTES_TO_T_UINT_8( 0x08, 0xF9, 0xB3, 0x33, 0x66, 0x82, 0x21, 0xFE ),
+ BYTES_TO_T_UINT_8( 0xF5, 0xFC, 0x39, 0x16, 0x23, 0x43, 0x76, 0x0E ),
+ BYTES_TO_T_UINT_8( 0x09, 0x48, 0x25, 0xA1, 0x64, 0x95, 0x1C, 0x2F ),
+ BYTES_TO_T_UINT_8( 0x43, 0xAC, 0x15, 0x57, 0xD9, 0xDE, 0xA0, 0x28 ),
+ BYTES_TO_T_UINT_8( 0x16, 0x5F, 0xB8, 0x3D, 0x48, 0x91, 0x24, 0xCC ),
+};
+static const mbedtls_mpi_uint secp384r1_T_16_Y[] = {
+ BYTES_TO_T_UINT_8( 0x2D, 0xF2, 0xC8, 0x54, 0xD1, 0x32, 0xBD, 0xC4 ),
+ BYTES_TO_T_UINT_8( 0x8A, 0x3B, 0xF0, 0xAA, 0x9D, 0xD8, 0xF4, 0x20 ),
+ BYTES_TO_T_UINT_8( 0x4F, 0xC3, 0xBB, 0x6C, 0x66, 0xAC, 0x25, 0x2D ),
+ BYTES_TO_T_UINT_8( 0x6F, 0x25, 0x10, 0xB2, 0xE1, 0x41, 0xDE, 0x1D ),
+ BYTES_TO_T_UINT_8( 0x3C, 0xE8, 0x30, 0xB8, 0x37, 0xBC, 0x2A, 0x98 ),
+ BYTES_TO_T_UINT_8( 0xBA, 0x57, 0x01, 0x4A, 0x1E, 0x78, 0x9F, 0x85 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_17_X[] = {
+ BYTES_TO_T_UINT_8( 0xBD, 0x19, 0xCD, 0x12, 0x0B, 0x51, 0x4F, 0x56 ),
+ BYTES_TO_T_UINT_8( 0x30, 0x4B, 0x3D, 0x24, 0xA4, 0x16, 0x59, 0x05 ),
+ BYTES_TO_T_UINT_8( 0xAC, 0xEB, 0xD3, 0x59, 0x2E, 0x75, 0x7C, 0x01 ),
+ BYTES_TO_T_UINT_8( 0x8C, 0xB9, 0xB4, 0xA5, 0xD9, 0x2E, 0x29, 0x4C ),
+ BYTES_TO_T_UINT_8( 0x86, 0x16, 0x05, 0x75, 0x02, 0xB3, 0x06, 0xEE ),
+ BYTES_TO_T_UINT_8( 0xAB, 0x7C, 0x9F, 0x79, 0x91, 0xF1, 0x4F, 0x23 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_17_Y[] = {
+ BYTES_TO_T_UINT_8( 0x65, 0x98, 0x7C, 0x84, 0xE1, 0xFF, 0x30, 0x77 ),
+ BYTES_TO_T_UINT_8( 0x71, 0xE2, 0xC2, 0x5F, 0x55, 0x40, 0xBD, 0xCD ),
+ BYTES_TO_T_UINT_8( 0x69, 0x65, 0x87, 0x3F, 0xC4, 0xC2, 0x24, 0x57 ),
+ BYTES_TO_T_UINT_8( 0x0E, 0x30, 0x0A, 0x60, 0x15, 0xD1, 0x24, 0x48 ),
+ BYTES_TO_T_UINT_8( 0x57, 0x99, 0xD9, 0xB6, 0xAE, 0xB1, 0xAF, 0x1D ),
+ BYTES_TO_T_UINT_8( 0x9B, 0x80, 0xEE, 0xA2, 0x0F, 0x74, 0xB9, 0xF3 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_18_X[] = {
+ BYTES_TO_T_UINT_8( 0x03, 0xE6, 0x0F, 0x37, 0xC1, 0x10, 0x99, 0x1E ),
+ BYTES_TO_T_UINT_8( 0x61, 0xAD, 0x9D, 0x5D, 0x80, 0x01, 0xA6, 0xFE ),
+ BYTES_TO_T_UINT_8( 0xB0, 0x0F, 0x10, 0x2A, 0x9D, 0x20, 0x38, 0xEB ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x60, 0xCB, 0xCE, 0x5A, 0xA0, 0xA7, 0x32 ),
+ BYTES_TO_T_UINT_8( 0xBA, 0xCF, 0x14, 0xDF, 0xBF, 0xE5, 0x74, 0x2D ),
+ BYTES_TO_T_UINT_8( 0xB5, 0x12, 0x1A, 0xDD, 0x59, 0x02, 0x5D, 0xC6 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_18_Y[] = {
+ BYTES_TO_T_UINT_8( 0xC8, 0xC9, 0xF8, 0xF5, 0xB6, 0x13, 0x4D, 0x7B ),
+ BYTES_TO_T_UINT_8( 0xED, 0x45, 0xB1, 0x93, 0xB3, 0xA2, 0x79, 0xDC ),
+ BYTES_TO_T_UINT_8( 0x74, 0xF6, 0xCF, 0xF7, 0xE6, 0x29, 0x9C, 0xCC ),
+ BYTES_TO_T_UINT_8( 0x87, 0x50, 0x65, 0x80, 0xBC, 0x59, 0x0A, 0x59 ),
+ BYTES_TO_T_UINT_8( 0x0E, 0xF0, 0x24, 0x35, 0xA2, 0x46, 0xF0, 0x0C ),
+ BYTES_TO_T_UINT_8( 0xBD, 0x26, 0xC0, 0x9D, 0x61, 0x56, 0x62, 0x67 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_19_X[] = {
+ BYTES_TO_T_UINT_8( 0x10, 0xBB, 0xC2, 0x24, 0x43, 0x2E, 0x37, 0x54 ),
+ BYTES_TO_T_UINT_8( 0x8A, 0xF7, 0xCE, 0x35, 0xFC, 0x77, 0xF3, 0x3F ),
+ BYTES_TO_T_UINT_8( 0x75, 0x34, 0x96, 0xD5, 0x4A, 0x76, 0x9D, 0x6B ),
+ BYTES_TO_T_UINT_8( 0xB8, 0x3B, 0x0F, 0xEA, 0xA8, 0x12, 0x0B, 0x22 ),
+ BYTES_TO_T_UINT_8( 0x66, 0x3F, 0x5D, 0x2D, 0x1C, 0xD4, 0x9E, 0xFB ),
+ BYTES_TO_T_UINT_8( 0x7D, 0x2E, 0xDD, 0xC7, 0x6E, 0xAB, 0xAF, 0xDC ),
+};
+static const mbedtls_mpi_uint secp384r1_T_19_Y[] = {
+ BYTES_TO_T_UINT_8( 0x8C, 0xB2, 0x7B, 0x0C, 0x9A, 0x83, 0x8E, 0x59 ),
+ BYTES_TO_T_UINT_8( 0x30, 0x51, 0x90, 0x92, 0x79, 0x32, 0x19, 0xC3 ),
+ BYTES_TO_T_UINT_8( 0xEE, 0x89, 0xF9, 0xD0, 0xCF, 0x2C, 0xA5, 0x8F ),
+ BYTES_TO_T_UINT_8( 0x7B, 0x50, 0x21, 0xDE, 0x50, 0x41, 0x9D, 0x81 ),
+ BYTES_TO_T_UINT_8( 0xE0, 0x7D, 0x2B, 0x9E, 0x9D, 0x95, 0xA8, 0xE3 ),
+ BYTES_TO_T_UINT_8( 0xD8, 0xA5, 0x20, 0x87, 0x88, 0x97, 0x5F, 0xAA ),
+};
+static const mbedtls_mpi_uint secp384r1_T_20_X[] = {
+ BYTES_TO_T_UINT_8( 0x64, 0x59, 0xB4, 0x66, 0x7E, 0xE8, 0x5A, 0x60 ),
+ BYTES_TO_T_UINT_8( 0xA5, 0x5C, 0x7E, 0xB2, 0xAD, 0xD9, 0xC9, 0xDA ),
+ BYTES_TO_T_UINT_8( 0x82, 0x97, 0x49, 0xA3, 0x13, 0x83, 0x07, 0x2E ),
+ BYTES_TO_T_UINT_8( 0x5A, 0x26, 0xC7, 0x13, 0x35, 0x0D, 0xB0, 0x6B ),
+ BYTES_TO_T_UINT_8( 0x1E, 0x60, 0xAB, 0xFA, 0x4B, 0x93, 0x18, 0x2C ),
+ BYTES_TO_T_UINT_8( 0x54, 0x2D, 0x1C, 0x31, 0x4C, 0xE4, 0x61, 0xAE ),
+};
+static const mbedtls_mpi_uint secp384r1_T_20_Y[] = {
+ BYTES_TO_T_UINT_8( 0xDE, 0x4D, 0x1E, 0x51, 0x59, 0x6E, 0x91, 0xC5 ),
+ BYTES_TO_T_UINT_8( 0x38, 0x54, 0x4D, 0x51, 0xED, 0x36, 0xCC, 0x60 ),
+ BYTES_TO_T_UINT_8( 0x18, 0xA8, 0x56, 0xC7, 0x78, 0x27, 0x33, 0xC5 ),
+ BYTES_TO_T_UINT_8( 0x42, 0xB7, 0x95, 0xC9, 0x8B, 0xC8, 0x6A, 0xBC ),
+ BYTES_TO_T_UINT_8( 0x5E, 0xE9, 0x13, 0x96, 0xB3, 0xE1, 0xF9, 0xEE ),
+ BYTES_TO_T_UINT_8( 0xF5, 0x46, 0xB0, 0x5E, 0xC3, 0x94, 0x03, 0x05 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_21_X[] = {
+ BYTES_TO_T_UINT_8( 0x6D, 0x5B, 0x29, 0x30, 0x41, 0x1A, 0x9E, 0xB6 ),
+ BYTES_TO_T_UINT_8( 0x76, 0xCA, 0x83, 0x31, 0x5B, 0xA7, 0xCB, 0x42 ),
+ BYTES_TO_T_UINT_8( 0x21, 0x41, 0x50, 0x44, 0x4D, 0x64, 0x31, 0x89 ),
+ BYTES_TO_T_UINT_8( 0xCF, 0x84, 0xC2, 0x5D, 0x97, 0xA5, 0x3C, 0x18 ),
+ BYTES_TO_T_UINT_8( 0xF0, 0x0F, 0xA5, 0xFD, 0x8E, 0x5A, 0x47, 0x2C ),
+ BYTES_TO_T_UINT_8( 0x7C, 0x58, 0x02, 0x2D, 0x40, 0xB1, 0x0B, 0xBA ),
+};
+static const mbedtls_mpi_uint secp384r1_T_21_Y[] = {
+ BYTES_TO_T_UINT_8( 0xDA, 0x33, 0x8C, 0x67, 0xCE, 0x23, 0x43, 0x99 ),
+ BYTES_TO_T_UINT_8( 0x84, 0x53, 0x47, 0x72, 0x44, 0x1F, 0x5B, 0x2A ),
+ BYTES_TO_T_UINT_8( 0xAE, 0xC1, 0xD9, 0xA4, 0x50, 0x88, 0x63, 0x18 ),
+ BYTES_TO_T_UINT_8( 0x7C, 0xF2, 0x75, 0x69, 0x73, 0x00, 0xC4, 0x31 ),
+ BYTES_TO_T_UINT_8( 0x4B, 0x90, 0x1D, 0xDF, 0x1A, 0x00, 0xD8, 0x69 ),
+ BYTES_TO_T_UINT_8( 0x05, 0xB1, 0x89, 0x48, 0xA8, 0x70, 0x62, 0xEF ),
+};
+static const mbedtls_mpi_uint secp384r1_T_22_X[] = {
+ BYTES_TO_T_UINT_8( 0x7E, 0x8A, 0x55, 0x50, 0x7B, 0xEF, 0x8A, 0x3C ),
+ BYTES_TO_T_UINT_8( 0xFE, 0x1B, 0x23, 0x48, 0x23, 0x63, 0x91, 0xB6 ),
+ BYTES_TO_T_UINT_8( 0x0D, 0x04, 0x54, 0x3C, 0x24, 0x9B, 0xC7, 0x9A ),
+ BYTES_TO_T_UINT_8( 0x25, 0x38, 0xC3, 0x84, 0xFB, 0xFF, 0x9F, 0x49 ),
+ BYTES_TO_T_UINT_8( 0x66, 0x2A, 0xE0, 0x6D, 0x68, 0x8A, 0x5C, 0xCB ),
+ BYTES_TO_T_UINT_8( 0xC4, 0x93, 0x53, 0x85, 0xA1, 0x0D, 0xAF, 0x63 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_22_Y[] = {
+ BYTES_TO_T_UINT_8( 0x1B, 0x88, 0x95, 0x4C, 0x0B, 0xD0, 0x06, 0x51 ),
+ BYTES_TO_T_UINT_8( 0x92, 0xAF, 0x8D, 0x49, 0xA2, 0xC8, 0xB4, 0xE0 ),
+ BYTES_TO_T_UINT_8( 0x75, 0x76, 0x53, 0x09, 0x88, 0x43, 0x87, 0xCA ),
+ BYTES_TO_T_UINT_8( 0x90, 0xA4, 0x77, 0x3F, 0x5E, 0x21, 0xB4, 0x0A ),
+ BYTES_TO_T_UINT_8( 0x35, 0x9E, 0x86, 0x64, 0xCC, 0x91, 0xC1, 0x77 ),
+ BYTES_TO_T_UINT_8( 0xC1, 0x17, 0x56, 0xCB, 0xC3, 0x7D, 0x5B, 0xB1 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_23_X[] = {
+ BYTES_TO_T_UINT_8( 0x64, 0x74, 0x9F, 0xB5, 0x91, 0x21, 0xB1, 0x1C ),
+ BYTES_TO_T_UINT_8( 0x1E, 0xED, 0xE1, 0x11, 0xEF, 0x45, 0xAF, 0xC1 ),
+ BYTES_TO_T_UINT_8( 0xE0, 0x31, 0xBE, 0xB2, 0xBC, 0x72, 0x65, 0x1F ),
+ BYTES_TO_T_UINT_8( 0xB1, 0x4B, 0x8C, 0x77, 0xCE, 0x1E, 0x42, 0xB5 ),
+ BYTES_TO_T_UINT_8( 0xFF, 0xC9, 0xAA, 0xB9, 0xD9, 0x86, 0x99, 0x55 ),
+ BYTES_TO_T_UINT_8( 0x65, 0x23, 0x80, 0xC6, 0x4E, 0x35, 0x0B, 0x6D ),
+};
+static const mbedtls_mpi_uint secp384r1_T_23_Y[] = {
+ BYTES_TO_T_UINT_8( 0x47, 0xD8, 0xA2, 0x0A, 0x39, 0x32, 0x1D, 0x23 ),
+ BYTES_TO_T_UINT_8( 0x61, 0xC8, 0x86, 0xF1, 0x12, 0x9A, 0x4A, 0x05 ),
+ BYTES_TO_T_UINT_8( 0x8D, 0xF1, 0x7C, 0xAA, 0x70, 0x8E, 0xBC, 0x01 ),
+ BYTES_TO_T_UINT_8( 0x62, 0x01, 0x47, 0x8F, 0xDD, 0x8B, 0xA5, 0xC8 ),
+ BYTES_TO_T_UINT_8( 0xDB, 0x08, 0x21, 0xF4, 0xAB, 0xC7, 0xF5, 0x96 ),
+ BYTES_TO_T_UINT_8( 0x0A, 0x76, 0xA5, 0x95, 0xC4, 0x0F, 0x88, 0x1D ),
+};
+static const mbedtls_mpi_uint secp384r1_T_24_X[] = {
+ BYTES_TO_T_UINT_8( 0x3F, 0x42, 0x2A, 0x52, 0xCD, 0x75, 0x51, 0x49 ),
+ BYTES_TO_T_UINT_8( 0x90, 0x36, 0xE5, 0x04, 0x2B, 0x44, 0xC6, 0xEF ),
+ BYTES_TO_T_UINT_8( 0x5C, 0xEE, 0x16, 0x13, 0x07, 0x83, 0xB5, 0x30 ),
+ BYTES_TO_T_UINT_8( 0x76, 0x59, 0xC6, 0xA2, 0x19, 0x05, 0xD3, 0xC6 ),
+ BYTES_TO_T_UINT_8( 0xB6, 0x8B, 0xA8, 0x16, 0x09, 0xB7, 0xEA, 0xD6 ),
+ BYTES_TO_T_UINT_8( 0x70, 0xEE, 0x14, 0xAF, 0xB5, 0xFD, 0xD0, 0xEF ),
+};
+static const mbedtls_mpi_uint secp384r1_T_24_Y[] = {
+ BYTES_TO_T_UINT_8( 0x18, 0x7C, 0xCA, 0x71, 0x3E, 0x6E, 0x66, 0x75 ),
+ BYTES_TO_T_UINT_8( 0xBE, 0x31, 0x0E, 0x3F, 0xE5, 0x91, 0xC4, 0x7F ),
+ BYTES_TO_T_UINT_8( 0x8E, 0x3D, 0xC2, 0x3E, 0x95, 0x37, 0x58, 0x2B ),
+ BYTES_TO_T_UINT_8( 0x01, 0x1F, 0x02, 0x03, 0xF3, 0xEF, 0xEE, 0x66 ),
+ BYTES_TO_T_UINT_8( 0x28, 0x5B, 0x1A, 0xFC, 0x38, 0xCD, 0xE8, 0x24 ),
+ BYTES_TO_T_UINT_8( 0x12, 0x57, 0x42, 0x85, 0xC6, 0x21, 0x68, 0x71 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_25_X[] = {
+ BYTES_TO_T_UINT_8( 0x8D, 0xA2, 0x4A, 0x66, 0xB1, 0x0A, 0xE6, 0xC0 ),
+ BYTES_TO_T_UINT_8( 0x86, 0x0C, 0x94, 0x9D, 0x5E, 0x99, 0xB2, 0xCE ),
+ BYTES_TO_T_UINT_8( 0xAD, 0x03, 0x40, 0xCA, 0xB2, 0xB3, 0x30, 0x55 ),
+ BYTES_TO_T_UINT_8( 0x74, 0x78, 0x48, 0x27, 0x34, 0x1E, 0xE2, 0x42 ),
+ BYTES_TO_T_UINT_8( 0xAE, 0x72, 0x5B, 0xAC, 0xC1, 0x6D, 0xE3, 0x82 ),
+ BYTES_TO_T_UINT_8( 0x57, 0xAB, 0x46, 0xCB, 0xEA, 0x5E, 0x4B, 0x0B ),
+};
+static const mbedtls_mpi_uint secp384r1_T_25_Y[] = {
+ BYTES_TO_T_UINT_8( 0xFC, 0x08, 0xAD, 0x4E, 0x51, 0x9F, 0x2A, 0x52 ),
+ BYTES_TO_T_UINT_8( 0x68, 0x5C, 0x7D, 0x4C, 0xD6, 0xCF, 0xDD, 0x02 ),
+ BYTES_TO_T_UINT_8( 0xD8, 0x76, 0x26, 0xE0, 0x8B, 0x10, 0xD9, 0x7C ),
+ BYTES_TO_T_UINT_8( 0x30, 0xA7, 0x23, 0x4E, 0x5F, 0xD2, 0x42, 0x17 ),
+ BYTES_TO_T_UINT_8( 0xD1, 0xE5, 0xA4, 0xEC, 0x77, 0x21, 0x34, 0x28 ),
+ BYTES_TO_T_UINT_8( 0x5C, 0x14, 0x65, 0xEA, 0x4A, 0x85, 0xC3, 0x2F ),
+};
+static const mbedtls_mpi_uint secp384r1_T_26_X[] = {
+ BYTES_TO_T_UINT_8( 0x19, 0xD8, 0x40, 0x27, 0x73, 0x15, 0x7E, 0x65 ),
+ BYTES_TO_T_UINT_8( 0xF6, 0xBB, 0x53, 0x7E, 0x0F, 0x40, 0xC8, 0xD4 ),
+ BYTES_TO_T_UINT_8( 0xEA, 0x37, 0x19, 0x73, 0xEF, 0x5A, 0x5E, 0x04 ),
+ BYTES_TO_T_UINT_8( 0x9C, 0x73, 0x2B, 0x49, 0x7E, 0xAC, 0x97, 0x5C ),
+ BYTES_TO_T_UINT_8( 0x15, 0xB2, 0xC3, 0x1E, 0x0E, 0xE7, 0xD2, 0x21 ),
+ BYTES_TO_T_UINT_8( 0x8A, 0x08, 0xD6, 0xDD, 0xAC, 0x21, 0xD6, 0x3E ),
+};
+static const mbedtls_mpi_uint secp384r1_T_26_Y[] = {
+ BYTES_TO_T_UINT_8( 0xA9, 0x26, 0xBE, 0x6D, 0x6D, 0xF2, 0x38, 0x3F ),
+ BYTES_TO_T_UINT_8( 0x08, 0x6C, 0x31, 0xA7, 0x49, 0x50, 0x3A, 0x89 ),
+ BYTES_TO_T_UINT_8( 0xC3, 0x99, 0xC6, 0xF5, 0xD2, 0xC2, 0x30, 0x5A ),
+ BYTES_TO_T_UINT_8( 0x2A, 0xE4, 0xF6, 0x8B, 0x8B, 0x97, 0xE9, 0xB2 ),
+ BYTES_TO_T_UINT_8( 0xDD, 0x21, 0xB7, 0x0D, 0xFC, 0x15, 0x54, 0x0B ),
+ BYTES_TO_T_UINT_8( 0x65, 0x83, 0x1C, 0xA4, 0xCD, 0x6B, 0x9D, 0xF2 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_27_X[] = {
+ BYTES_TO_T_UINT_8( 0xD6, 0xE8, 0x4C, 0x48, 0xE4, 0xAA, 0x69, 0x93 ),
+ BYTES_TO_T_UINT_8( 0x27, 0x7A, 0x27, 0xFC, 0x37, 0x96, 0x1A, 0x7B ),
+ BYTES_TO_T_UINT_8( 0x6F, 0xE7, 0x30, 0xA5, 0xCF, 0x13, 0x46, 0x5C ),
+ BYTES_TO_T_UINT_8( 0x8C, 0xD8, 0xAF, 0x74, 0x23, 0x4D, 0x56, 0x84 ),
+ BYTES_TO_T_UINT_8( 0x32, 0x3D, 0x44, 0x14, 0x1B, 0x97, 0x83, 0xF0 ),
+ BYTES_TO_T_UINT_8( 0xFA, 0x47, 0xD7, 0x5F, 0xFD, 0x98, 0x38, 0xF7 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_27_Y[] = {
+ BYTES_TO_T_UINT_8( 0xA3, 0x73, 0x64, 0x36, 0xFD, 0x7B, 0xC1, 0x15 ),
+ BYTES_TO_T_UINT_8( 0xEA, 0x5D, 0x32, 0xD2, 0x47, 0x94, 0x89, 0x2D ),
+ BYTES_TO_T_UINT_8( 0x51, 0xE9, 0x30, 0xAC, 0x06, 0xC8, 0x65, 0x04 ),
+ BYTES_TO_T_UINT_8( 0xFA, 0x6C, 0xB9, 0x1B, 0xF7, 0x61, 0x49, 0x53 ),
+ BYTES_TO_T_UINT_8( 0xD7, 0xFF, 0x32, 0x43, 0x80, 0xDA, 0xA6, 0xB1 ),
+ BYTES_TO_T_UINT_8( 0xAC, 0xF8, 0x04, 0x01, 0x95, 0x35, 0xCE, 0x21 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_28_X[] = {
+ BYTES_TO_T_UINT_8( 0x6D, 0x06, 0x46, 0x0D, 0x51, 0xE2, 0xD8, 0xAC ),
+ BYTES_TO_T_UINT_8( 0x14, 0x57, 0x1D, 0x6F, 0x79, 0xA0, 0xCD, 0xA6 ),
+ BYTES_TO_T_UINT_8( 0xDF, 0xFB, 0x36, 0xCA, 0xAD, 0xF5, 0x9E, 0x41 ),
+ BYTES_TO_T_UINT_8( 0x6F, 0x7A, 0x1D, 0x9E, 0x1D, 0x95, 0x48, 0xDC ),
+ BYTES_TO_T_UINT_8( 0x81, 0x26, 0xA5, 0xB7, 0x15, 0x2C, 0xC2, 0xC6 ),
+ BYTES_TO_T_UINT_8( 0x86, 0x42, 0x72, 0xAA, 0x11, 0xDC, 0xC9, 0xB6 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_28_Y[] = {
+ BYTES_TO_T_UINT_8( 0x3F, 0x6C, 0x64, 0xA7, 0x62, 0x3C, 0xAB, 0xD4 ),
+ BYTES_TO_T_UINT_8( 0x48, 0x6A, 0x44, 0xD8, 0x60, 0xC0, 0xA8, 0x80 ),
+ BYTES_TO_T_UINT_8( 0x82, 0x76, 0x58, 0x12, 0x57, 0x3C, 0x89, 0x46 ),
+ BYTES_TO_T_UINT_8( 0x82, 0x4F, 0x83, 0xCE, 0xCB, 0xB8, 0xD0, 0x2C ),
+ BYTES_TO_T_UINT_8( 0x9A, 0x84, 0x04, 0xB0, 0xAD, 0xEB, 0xFA, 0xDF ),
+ BYTES_TO_T_UINT_8( 0x34, 0xA4, 0xC3, 0x41, 0x44, 0x4E, 0x65, 0x3E ),
+};
+static const mbedtls_mpi_uint secp384r1_T_29_X[] = {
+ BYTES_TO_T_UINT_8( 0xB6, 0x16, 0xA9, 0x1C, 0xE7, 0x65, 0x20, 0xC1 ),
+ BYTES_TO_T_UINT_8( 0x58, 0x53, 0x32, 0xF8, 0xC0, 0xA6, 0xBD, 0x2C ),
+ BYTES_TO_T_UINT_8( 0xB7, 0xF0, 0xE6, 0x57, 0x31, 0xCC, 0x26, 0x6F ),
+ BYTES_TO_T_UINT_8( 0x27, 0xE3, 0x54, 0x1C, 0x34, 0xD3, 0x17, 0xBC ),
+ BYTES_TO_T_UINT_8( 0xF5, 0xAE, 0xED, 0xFB, 0xCD, 0xE7, 0x1E, 0x9F ),
+ BYTES_TO_T_UINT_8( 0x5A, 0x16, 0x1C, 0x34, 0x40, 0x00, 0x1F, 0xB6 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_29_Y[] = {
+ BYTES_TO_T_UINT_8( 0x6A, 0x32, 0x00, 0xC2, 0xD4, 0x3B, 0x1A, 0x09 ),
+ BYTES_TO_T_UINT_8( 0x34, 0xE0, 0x99, 0x8F, 0x0C, 0x4A, 0x16, 0x44 ),
+ BYTES_TO_T_UINT_8( 0x83, 0x73, 0x18, 0x1B, 0xD4, 0x94, 0x29, 0x62 ),
+ BYTES_TO_T_UINT_8( 0x29, 0xA4, 0x2D, 0xB1, 0x9D, 0x74, 0x32, 0x67 ),
+ BYTES_TO_T_UINT_8( 0xBF, 0xF4, 0xB1, 0x0C, 0x37, 0x62, 0x8B, 0x66 ),
+ BYTES_TO_T_UINT_8( 0xC9, 0xFF, 0xDA, 0xE2, 0x35, 0xA3, 0xB6, 0x42 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_30_X[] = {
+ BYTES_TO_T_UINT_8( 0x91, 0x49, 0x99, 0x65, 0xC5, 0xED, 0x16, 0xEF ),
+ BYTES_TO_T_UINT_8( 0x79, 0x42, 0x9A, 0xF3, 0xA7, 0x4E, 0x6F, 0x2B ),
+ BYTES_TO_T_UINT_8( 0x7B, 0x0A, 0x7E, 0xC0, 0xD7, 0x4E, 0x07, 0x55 ),
+ BYTES_TO_T_UINT_8( 0xD6, 0x7A, 0x31, 0x69, 0xA6, 0xB9, 0x15, 0x34 ),
+ BYTES_TO_T_UINT_8( 0xA8, 0xE0, 0x72, 0xA4, 0x3F, 0xB9, 0xF8, 0x0C ),
+ BYTES_TO_T_UINT_8( 0x2B, 0x75, 0x32, 0x85, 0xA2, 0xDE, 0x37, 0x12 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_30_Y[] = {
+ BYTES_TO_T_UINT_8( 0xBC, 0xC0, 0x0D, 0xCF, 0x25, 0x41, 0xA4, 0xF4 ),
+ BYTES_TO_T_UINT_8( 0x9B, 0xFC, 0xB2, 0x48, 0xC3, 0x85, 0x83, 0x4B ),
+ BYTES_TO_T_UINT_8( 0x2B, 0xBE, 0x0B, 0x58, 0x2D, 0x7A, 0x9A, 0x62 ),
+ BYTES_TO_T_UINT_8( 0xC5, 0xF3, 0x81, 0x18, 0x1B, 0x74, 0x4F, 0x2C ),
+ BYTES_TO_T_UINT_8( 0xE2, 0x43, 0xA3, 0x0A, 0x16, 0x8B, 0xA3, 0x1E ),
+ BYTES_TO_T_UINT_8( 0x4A, 0x18, 0x81, 0x7B, 0x8D, 0xA2, 0x35, 0x77 ),
+};
+static const mbedtls_mpi_uint secp384r1_T_31_X[] = {
+ BYTES_TO_T_UINT_8( 0x86, 0xC4, 0x3F, 0x2C, 0xE7, 0x5F, 0x99, 0x03 ),
+ BYTES_TO_T_UINT_8( 0xF0, 0x2B, 0xB7, 0xB6, 0xAD, 0x5A, 0x56, 0xFF ),
+ BYTES_TO_T_UINT_8( 0x04, 0x00, 0xA4, 0x48, 0xC8, 0xE8, 0xBA, 0xBF ),
+ BYTES_TO_T_UINT_8( 0xE8, 0xA1, 0xB5, 0x13, 0x5A, 0xCD, 0x99, 0x9C ),
+ BYTES_TO_T_UINT_8( 0xB0, 0x95, 0xAD, 0xFC, 0xE2, 0x7E, 0xE7, 0xFE ),
+ BYTES_TO_T_UINT_8( 0x96, 0x6B, 0xD1, 0x34, 0x99, 0x53, 0x63, 0x0B ),
+};
+static const mbedtls_mpi_uint secp384r1_T_31_Y[] = {
+ BYTES_TO_T_UINT_8( 0x19, 0x8A, 0x77, 0x5D, 0x2B, 0xAB, 0x01, 0x28 ),
+ BYTES_TO_T_UINT_8( 0x4E, 0x85, 0xD0, 0xD5, 0x49, 0x83, 0x4D, 0x60 ),
+ BYTES_TO_T_UINT_8( 0x81, 0xC6, 0x91, 0x30, 0x3B, 0x00, 0xAF, 0x7A ),
+ BYTES_TO_T_UINT_8( 0x3A, 0xAE, 0x61, 0x07, 0xE1, 0xB6, 0xE2, 0xC9 ),
+ BYTES_TO_T_UINT_8( 0x95, 0x43, 0x41, 0xFE, 0x9B, 0xB6, 0xF0, 0xA5 ),
+ BYTES_TO_T_UINT_8( 0xB4, 0x97, 0xAE, 0xAD, 0x89, 0x88, 0x9E, 0x41 ),
+};
+static const mbedtls_ecp_point secp384r1_T[32] = {
+ ECP_POINT_INIT_XY_Z1(secp384r1_T_0_X, secp384r1_T_0_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_1_X, secp384r1_T_1_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_2_X, secp384r1_T_2_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_3_X, secp384r1_T_3_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_4_X, secp384r1_T_4_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_5_X, secp384r1_T_5_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_6_X, secp384r1_T_6_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_7_X, secp384r1_T_7_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_8_X, secp384r1_T_8_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_9_X, secp384r1_T_9_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_10_X, secp384r1_T_10_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_11_X, secp384r1_T_11_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_12_X, secp384r1_T_12_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_13_X, secp384r1_T_13_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_14_X, secp384r1_T_14_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_15_X, secp384r1_T_15_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_16_X, secp384r1_T_16_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_17_X, secp384r1_T_17_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_18_X, secp384r1_T_18_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_19_X, secp384r1_T_19_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_20_X, secp384r1_T_20_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_21_X, secp384r1_T_21_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_22_X, secp384r1_T_22_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_23_X, secp384r1_T_23_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_24_X, secp384r1_T_24_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_25_X, secp384r1_T_25_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_26_X, secp384r1_T_26_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_27_X, secp384r1_T_27_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_28_X, secp384r1_T_28_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_29_X, secp384r1_T_29_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_30_X, secp384r1_T_30_Y),
+ ECP_POINT_INIT_XY_Z0(secp384r1_T_31_X, secp384r1_T_31_Y),
+};
+#else
+#define secp384r1_T NULL
+#endif
+
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
/*
@@ -294,6 +1483,748 @@
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
};
+#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
+static const mbedtls_mpi_uint secp521r1_T_0_X[] = {
+ BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ),
+ BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ),
+ BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ),
+ BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ),
+ BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ),
+ BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ),
+ BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ),
+ BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ),
+ BYTES_TO_T_UINT_8( 0xC6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_0_Y[] = {
+ BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ),
+ BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ),
+ BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ),
+ BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ),
+ BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ),
+ BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ),
+ BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ),
+ BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ),
+ BYTES_TO_T_UINT_8( 0x18, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_1_X[] = {
+ BYTES_TO_T_UINT_8( 0x2F, 0xB1, 0x2D, 0xEB, 0x27, 0x2F, 0xE8, 0xDA ),
+ BYTES_TO_T_UINT_8( 0x98, 0x4B, 0x44, 0x25, 0xDB, 0x5C, 0x5F, 0x67 ),
+ BYTES_TO_T_UINT_8( 0x13, 0x85, 0x28, 0x78, 0x2E, 0x75, 0x34, 0x32 ),
+ BYTES_TO_T_UINT_8( 0x69, 0x57, 0x0F, 0x73, 0x78, 0x7A, 0xE3, 0x53 ),
+ BYTES_TO_T_UINT_8( 0x8D, 0xD8, 0xEC, 0xDC, 0xDA, 0x04, 0xAD, 0xAB ),
+ BYTES_TO_T_UINT_8( 0x34, 0x8A, 0x09, 0xF3, 0x58, 0x79, 0xD8, 0x29 ),
+ BYTES_TO_T_UINT_8( 0x63, 0x03, 0xCB, 0x50, 0x1A, 0x7F, 0x56, 0x00 ),
+ BYTES_TO_T_UINT_8( 0xF6, 0xA6, 0x78, 0x38, 0x85, 0x67, 0x0B, 0x40 ),
+ BYTES_TO_T_UINT_8( 0x83, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_1_Y[] = {
+ BYTES_TO_T_UINT_8( 0x8A, 0xD5, 0xD2, 0x22, 0xC4, 0x00, 0x3B, 0xBA ),
+ BYTES_TO_T_UINT_8( 0xD5, 0x93, 0x0E, 0x7B, 0x85, 0x51, 0xC3, 0x06 ),
+ BYTES_TO_T_UINT_8( 0x3D, 0xA6, 0x5F, 0x54, 0x49, 0x02, 0x81, 0x78 ),
+ BYTES_TO_T_UINT_8( 0x22, 0xE9, 0x6B, 0x3A, 0x92, 0xE7, 0x72, 0x1D ),
+ BYTES_TO_T_UINT_8( 0x6F, 0x5F, 0x28, 0x9E, 0x91, 0x27, 0x88, 0xE3 ),
+ BYTES_TO_T_UINT_8( 0xEF, 0x28, 0x31, 0xB3, 0x84, 0xCA, 0x12, 0x32 ),
+ BYTES_TO_T_UINT_8( 0x3D, 0xF9, 0xAC, 0x22, 0x10, 0x0A, 0x64, 0x41 ),
+ BYTES_TO_T_UINT_8( 0xE9, 0xC6, 0x33, 0x1F, 0x69, 0x19, 0x18, 0xBF ),
+ BYTES_TO_T_UINT_8( 0xBE, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_2_X[] = {
+ BYTES_TO_T_UINT_8( 0xA0, 0x48, 0xB8, 0xC7, 0x37, 0x5A, 0x00, 0x36 ),
+ BYTES_TO_T_UINT_8( 0x07, 0xCC, 0x32, 0xE0, 0xEE, 0x03, 0xC2, 0xBA ),
+ BYTES_TO_T_UINT_8( 0xC4, 0x29, 0xC2, 0xE4, 0x6E, 0x24, 0x20, 0x8D ),
+ BYTES_TO_T_UINT_8( 0x06, 0x6B, 0x7F, 0x7B, 0xF9, 0xB0, 0xB8, 0x13 ),
+ BYTES_TO_T_UINT_8( 0x1D, 0x7B, 0x3C, 0xE1, 0x19, 0xA1, 0x23, 0x02 ),
+ BYTES_TO_T_UINT_8( 0x2A, 0xE3, 0xC2, 0x53, 0xC0, 0x07, 0x13, 0xA9 ),
+ BYTES_TO_T_UINT_8( 0x07, 0xFE, 0x36, 0x35, 0x9F, 0x5E, 0x59, 0xCE ),
+ BYTES_TO_T_UINT_8( 0x1D, 0x55, 0x89, 0x84, 0xBC, 0xEF, 0xA2, 0xC2 ),
+ BYTES_TO_T_UINT_8( 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_2_Y[] = {
+ BYTES_TO_T_UINT_8( 0xFD, 0x1A, 0x08, 0x67, 0xB4, 0xE7, 0x22, 0xED ),
+ BYTES_TO_T_UINT_8( 0x76, 0x26, 0xDF, 0x81, 0x3C, 0x5F, 0x1C, 0xDA ),
+ BYTES_TO_T_UINT_8( 0xE0, 0x4D, 0xD0, 0x0A, 0x48, 0x06, 0xF4, 0x48 ),
+ BYTES_TO_T_UINT_8( 0x73, 0x18, 0x39, 0xF7, 0xD1, 0x20, 0x77, 0x8D ),
+ BYTES_TO_T_UINT_8( 0x78, 0x8F, 0x44, 0x13, 0xCB, 0x78, 0x11, 0x11 ),
+ BYTES_TO_T_UINT_8( 0x33, 0xE2, 0x49, 0xEA, 0x43, 0x79, 0x08, 0x39 ),
+ BYTES_TO_T_UINT_8( 0x01, 0xD1, 0xD8, 0x73, 0x2C, 0x71, 0x2F, 0x69 ),
+ BYTES_TO_T_UINT_8( 0x21, 0xE5, 0xE7, 0xF4, 0x46, 0xAB, 0x20, 0xCA ),
+ BYTES_TO_T_UINT_8( 0x5A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_3_X[] = {
+ BYTES_TO_T_UINT_8( 0x8C, 0x0B, 0xB9, 0x71, 0x1A, 0x27, 0xB7, 0xA7 ),
+ BYTES_TO_T_UINT_8( 0x2A, 0xA2, 0x2C, 0xD1, 0xDA, 0xBC, 0xC1, 0xBD ),
+ BYTES_TO_T_UINT_8( 0x10, 0xA3, 0x10, 0x1F, 0x90, 0xF2, 0xA5, 0x52 ),
+ BYTES_TO_T_UINT_8( 0x28, 0xFB, 0x20, 0xF4, 0xC0, 0x70, 0xC0, 0xF5 ),
+ BYTES_TO_T_UINT_8( 0x8F, 0xA7, 0x99, 0xF0, 0xA5, 0xD3, 0x09, 0xDD ),
+ BYTES_TO_T_UINT_8( 0x26, 0xE8, 0x14, 0x39, 0xBE, 0xCB, 0x60, 0xAF ),
+ BYTES_TO_T_UINT_8( 0x9F, 0xD6, 0x14, 0xA9, 0xC9, 0x20, 0xC3, 0xEA ),
+ BYTES_TO_T_UINT_8( 0x5D, 0xA8, 0x5B, 0xFD, 0x2D, 0x96, 0xBC, 0x78 ),
+ BYTES_TO_T_UINT_8( 0xC0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_3_Y[] = {
+ BYTES_TO_T_UINT_8( 0x9D, 0x04, 0x45, 0xBE, 0xCE, 0x75, 0x95, 0xF6 ),
+ BYTES_TO_T_UINT_8( 0xCC, 0xDA, 0x58, 0x49, 0x35, 0x09, 0x8D, 0x41 ),
+ BYTES_TO_T_UINT_8( 0x76, 0xF0, 0xC0, 0x36, 0xF2, 0xA6, 0x2D, 0x14 ),
+ BYTES_TO_T_UINT_8( 0xE7, 0xFC, 0x3D, 0xA8, 0xFB, 0x3C, 0xD2, 0x51 ),
+ BYTES_TO_T_UINT_8( 0x01, 0x4D, 0x71, 0x09, 0x18, 0x42, 0xF0, 0x2D ),
+ BYTES_TO_T_UINT_8( 0x8D, 0xC1, 0xCE, 0x9E, 0x6A, 0x49, 0x60, 0x12 ),
+ BYTES_TO_T_UINT_8( 0xAD, 0xB1, 0x00, 0xF7, 0xA1, 0x7A, 0x31, 0xB4 ),
+ BYTES_TO_T_UINT_8( 0x41, 0xC3, 0x86, 0xCD, 0x20, 0x4A, 0x17, 0x86 ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_4_X[] = {
+ BYTES_TO_T_UINT_8( 0x98, 0xAB, 0x8B, 0x47, 0x8D, 0xAA, 0xA6, 0x5B ),
+ BYTES_TO_T_UINT_8( 0xC4, 0x97, 0xF0, 0xBC, 0x2D, 0xDC, 0x9D, 0x84 ),
+ BYTES_TO_T_UINT_8( 0x01, 0x86, 0xB0, 0x74, 0xB2, 0xF4, 0xF6, 0x67 ),
+ BYTES_TO_T_UINT_8( 0xAC, 0xBD, 0xAC, 0xE3, 0x8F, 0x43, 0x5C, 0xB1 ),
+ BYTES_TO_T_UINT_8( 0x37, 0xC3, 0xE2, 0x6E, 0x25, 0x49, 0xCD, 0x0B ),
+ BYTES_TO_T_UINT_8( 0x64, 0x5E, 0x08, 0xB3, 0xB9, 0xAC, 0x5F, 0xD1 ),
+ BYTES_TO_T_UINT_8( 0x08, 0xB7, 0xD1, 0xF4, 0xDC, 0x19, 0xE9, 0xC8 ),
+ BYTES_TO_T_UINT_8( 0x49, 0xE4, 0xFA, 0xE1, 0x36, 0x3E, 0xED, 0x6E ),
+ BYTES_TO_T_UINT_8( 0x0A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_4_Y[] = {
+ BYTES_TO_T_UINT_8( 0x00, 0x67, 0x92, 0x84, 0x6E, 0x48, 0x03, 0x51 ),
+ BYTES_TO_T_UINT_8( 0x9E, 0x95, 0xEF, 0x8F, 0xB2, 0x82, 0x6B, 0x1C ),
+ BYTES_TO_T_UINT_8( 0x8D, 0xFA, 0xB9, 0x55, 0x23, 0xFE, 0x09, 0xB3 ),
+ BYTES_TO_T_UINT_8( 0xEF, 0x79, 0x85, 0x4B, 0x0E, 0xD4, 0x35, 0xDB ),
+ BYTES_TO_T_UINT_8( 0x9A, 0x27, 0x45, 0x81, 0xE0, 0x88, 0x52, 0xAD ),
+ BYTES_TO_T_UINT_8( 0x17, 0x63, 0xA2, 0x4B, 0xBC, 0x5D, 0xB1, 0x92 ),
+ BYTES_TO_T_UINT_8( 0x28, 0x8C, 0x83, 0xD9, 0x3E, 0xD3, 0x42, 0xDA ),
+ BYTES_TO_T_UINT_8( 0x99, 0x03, 0x3A, 0x31, 0xBA, 0xE9, 0x3A, 0xD1 ),
+ BYTES_TO_T_UINT_8( 0x47, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_5_X[] = {
+ BYTES_TO_T_UINT_8( 0x35, 0x10, 0xCD, 0x2D, 0x00, 0xFE, 0x32, 0xA7 ),
+ BYTES_TO_T_UINT_8( 0xE4, 0x6E, 0x1F, 0xDA, 0xF8, 0x6F, 0x4D, 0x03 ),
+ BYTES_TO_T_UINT_8( 0x09, 0x79, 0x7D, 0x09, 0xE5, 0xD3, 0x03, 0x21 ),
+ BYTES_TO_T_UINT_8( 0x58, 0xC3, 0xBE, 0xDF, 0x07, 0x65, 0x49, 0xCC ),
+ BYTES_TO_T_UINT_8( 0x08, 0x57, 0x33, 0xEF, 0xAE, 0x4F, 0x04, 0x27 ),
+ BYTES_TO_T_UINT_8( 0x9A, 0xE9, 0x9B, 0xFE, 0xBF, 0xE6, 0x85, 0xF6 ),
+ BYTES_TO_T_UINT_8( 0xBD, 0xBA, 0xAA, 0x06, 0xC4, 0xC6, 0xB8, 0x57 ),
+ BYTES_TO_T_UINT_8( 0x0C, 0x83, 0x01, 0xA9, 0xF6, 0x51, 0xE7, 0xB8 ),
+ BYTES_TO_T_UINT_8( 0x1B, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_5_Y[] = {
+ BYTES_TO_T_UINT_8( 0xB9, 0xA6, 0x15, 0x8E, 0xAB, 0x1F, 0x10, 0x87 ),
+ BYTES_TO_T_UINT_8( 0x74, 0x08, 0x27, 0x1A, 0xA1, 0x21, 0xAD, 0xF5 ),
+ BYTES_TO_T_UINT_8( 0x02, 0x09, 0x90, 0x6E, 0x50, 0x90, 0x9A, 0x5D ),
+ BYTES_TO_T_UINT_8( 0x86, 0x9A, 0xFE, 0xD7, 0xA1, 0xF5, 0xA2, 0x15 ),
+ BYTES_TO_T_UINT_8( 0xE8, 0x7D, 0xE3, 0xDC, 0x21, 0xFB, 0xA4, 0x7B ),
+ BYTES_TO_T_UINT_8( 0xB9, 0xBF, 0x07, 0xFF, 0x45, 0xDF, 0x51, 0x77 ),
+ BYTES_TO_T_UINT_8( 0x0B, 0x5C, 0x34, 0x02, 0x62, 0x9B, 0x08, 0x12 ),
+ BYTES_TO_T_UINT_8( 0x86, 0xCE, 0x9A, 0x6A, 0xEC, 0x75, 0xF6, 0x46 ),
+ BYTES_TO_T_UINT_8( 0x6D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_6_X[] = {
+ BYTES_TO_T_UINT_8( 0xE6, 0x59, 0xF4, 0x78, 0x3C, 0x60, 0xB1, 0x4A ),
+ BYTES_TO_T_UINT_8( 0x3E, 0x37, 0x84, 0x6A, 0xDC, 0xF2, 0x9A, 0x7D ),
+ BYTES_TO_T_UINT_8( 0x40, 0x9A, 0x9A, 0x15, 0x36, 0xE0, 0x2B, 0x2D ),
+ BYTES_TO_T_UINT_8( 0xEC, 0x38, 0x9C, 0x50, 0x3D, 0x1E, 0x37, 0x82 ),
+ BYTES_TO_T_UINT_8( 0xB7, 0x79, 0xF0, 0x92, 0xF2, 0x8B, 0x18, 0x82 ),
+ BYTES_TO_T_UINT_8( 0x17, 0xE0, 0x82, 0x1E, 0x80, 0x82, 0x4B, 0xD7 ),
+ BYTES_TO_T_UINT_8( 0xFA, 0xBB, 0x59, 0x6B, 0x8A, 0x77, 0x41, 0x40 ),
+ BYTES_TO_T_UINT_8( 0xA7, 0xF9, 0xD4, 0xB8, 0x4A, 0x82, 0xCF, 0x40 ),
+ BYTES_TO_T_UINT_8( 0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_6_Y[] = {
+ BYTES_TO_T_UINT_8( 0x1E, 0x8C, 0xC8, 0x9B, 0x72, 0x9E, 0xF7, 0xF9 ),
+ BYTES_TO_T_UINT_8( 0xB8, 0xCE, 0xE9, 0x77, 0x0A, 0x19, 0x59, 0x84 ),
+ BYTES_TO_T_UINT_8( 0x9D, 0xA1, 0x41, 0x6A, 0x72, 0x4B, 0xB4, 0xDC ),
+ BYTES_TO_T_UINT_8( 0x0B, 0x35, 0x43, 0xE2, 0x8C, 0xBE, 0x0D, 0xE3 ),
+ BYTES_TO_T_UINT_8( 0xC1, 0xEB, 0xAD, 0xF3, 0xA9, 0xA6, 0x68, 0xA1 ),
+ BYTES_TO_T_UINT_8( 0x81, 0x2F, 0xE2, 0x48, 0x0C, 0xDB, 0x1F, 0x42 ),
+ BYTES_TO_T_UINT_8( 0xD1, 0x1E, 0x60, 0x9B, 0x2A, 0xD2, 0xC1, 0x3C ),
+ BYTES_TO_T_UINT_8( 0xC0, 0x64, 0xB5, 0xD2, 0xF6, 0xF6, 0x6E, 0x22 ),
+ BYTES_TO_T_UINT_8( 0x70, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_7_X[] = {
+ BYTES_TO_T_UINT_8( 0xC6, 0x3D, 0x30, 0x78, 0x10, 0x18, 0x41, 0x51 ),
+ BYTES_TO_T_UINT_8( 0x96, 0x1D, 0x1C, 0xE0, 0x6D, 0x83, 0xD1, 0x93 ),
+ BYTES_TO_T_UINT_8( 0x7B, 0x03, 0x0B, 0xF5, 0x2F, 0x6C, 0x04, 0x98 ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x3E, 0xD5, 0xFC, 0x31, 0x5B, 0x3A, 0xEB ),
+ BYTES_TO_T_UINT_8( 0x50, 0x82, 0x2F, 0xFB, 0xFE, 0xF8, 0x76, 0x39 ),
+ BYTES_TO_T_UINT_8( 0x85, 0x26, 0xDA, 0x9C, 0x36, 0xF5, 0x93, 0xD1 ),
+ BYTES_TO_T_UINT_8( 0x4C, 0xE7, 0x6E, 0xD2, 0x7D, 0x81, 0x09, 0xC6 ),
+ BYTES_TO_T_UINT_8( 0xD3, 0x03, 0xF9, 0x58, 0x48, 0x24, 0xA2, 0xEE ),
+ BYTES_TO_T_UINT_8( 0xE9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_7_Y[] = {
+ BYTES_TO_T_UINT_8( 0x1B, 0x79, 0x0C, 0x8E, 0x6B, 0x95, 0xF3, 0xC4 ),
+ BYTES_TO_T_UINT_8( 0xF4, 0x10, 0x5C, 0x87, 0x03, 0x39, 0xCF, 0x68 ),
+ BYTES_TO_T_UINT_8( 0xAD, 0xF0, 0xF7, 0xC1, 0x07, 0xA4, 0xF4, 0x3F ),
+ BYTES_TO_T_UINT_8( 0x32, 0xE8, 0x02, 0x89, 0x65, 0xC4, 0x72, 0x36 ),
+ BYTES_TO_T_UINT_8( 0xB4, 0x88, 0xEA, 0x96, 0x67, 0x0B, 0x5D, 0xDF ),
+ BYTES_TO_T_UINT_8( 0xA8, 0x75, 0x60, 0xA8, 0xBD, 0x74, 0xDF, 0x68 ),
+ BYTES_TO_T_UINT_8( 0x6E, 0xE5, 0x71, 0x50, 0x67, 0xD0, 0xD2, 0xE6 ),
+ BYTES_TO_T_UINT_8( 0xD5, 0xFC, 0xE5, 0xC7, 0x77, 0xB0, 0x7F, 0x8C ),
+ BYTES_TO_T_UINT_8( 0xF1, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_8_X[] = {
+ BYTES_TO_T_UINT_8( 0x97, 0x86, 0x69, 0xCD, 0x0D, 0x9A, 0xBD, 0x66 ),
+ BYTES_TO_T_UINT_8( 0x58, 0x17, 0xBC, 0xBB, 0x59, 0x85, 0x7D, 0x0E ),
+ BYTES_TO_T_UINT_8( 0x8D, 0xA8, 0x76, 0xAC, 0x80, 0xA9, 0x72, 0xE0 ),
+ BYTES_TO_T_UINT_8( 0x74, 0x78, 0xC1, 0xE2, 0x4D, 0xAF, 0xF9, 0x3C ),
+ BYTES_TO_T_UINT_8( 0xAD, 0x97, 0x8E, 0x74, 0xC4, 0x4B, 0xB2, 0x85 ),
+ BYTES_TO_T_UINT_8( 0xEA, 0xD8, 0xF6, 0xF3, 0xAF, 0x2F, 0x52, 0xE5 ),
+ BYTES_TO_T_UINT_8( 0x95, 0x57, 0xF4, 0xCE, 0xEE, 0x43, 0xED, 0x60 ),
+ BYTES_TO_T_UINT_8( 0x7D, 0x46, 0x38, 0xDE, 0x20, 0xFD, 0x59, 0x18 ),
+ BYTES_TO_T_UINT_8( 0xD7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_8_Y[] = {
+ BYTES_TO_T_UINT_8( 0x1C, 0x18, 0xE8, 0x58, 0xB9, 0x76, 0x2C, 0xE6 ),
+ BYTES_TO_T_UINT_8( 0xED, 0x54, 0xE4, 0xFE, 0xC7, 0xBC, 0x31, 0x37 ),
+ BYTES_TO_T_UINT_8( 0xF5, 0xF8, 0x89, 0xEE, 0x70, 0xB5, 0xB0, 0x2C ),
+ BYTES_TO_T_UINT_8( 0x83, 0x22, 0x26, 0x9A, 0x53, 0xB9, 0x38, 0x0A ),
+ BYTES_TO_T_UINT_8( 0x74, 0xA7, 0x19, 0x8C, 0x74, 0x7E, 0x88, 0x46 ),
+ BYTES_TO_T_UINT_8( 0xB4, 0xDA, 0x0A, 0xE8, 0xDA, 0xA5, 0xBE, 0x1D ),
+ BYTES_TO_T_UINT_8( 0x90, 0x5C, 0xF7, 0xB1, 0x0C, 0x72, 0xFB, 0x09 ),
+ BYTES_TO_T_UINT_8( 0x78, 0xE2, 0x23, 0xE7, 0x46, 0xB7, 0xE0, 0x91 ),
+ BYTES_TO_T_UINT_8( 0xC5, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_9_X[] = {
+ BYTES_TO_T_UINT_8( 0x3A, 0x36, 0xBC, 0xBD, 0x48, 0x11, 0x8E, 0x72 ),
+ BYTES_TO_T_UINT_8( 0xAB, 0xBB, 0xA1, 0xF7, 0x0B, 0x9E, 0xBF, 0xDF ),
+ BYTES_TO_T_UINT_8( 0x68, 0x28, 0xE1, 0xA2, 0x8F, 0xFC, 0xFC, 0xD6 ),
+ BYTES_TO_T_UINT_8( 0x81, 0xFE, 0x19, 0x0A, 0xE5, 0xE7, 0x69, 0x39 ),
+ BYTES_TO_T_UINT_8( 0x5E, 0xCD, 0x12, 0xF5, 0xBE, 0xD3, 0x04, 0xF1 ),
+ BYTES_TO_T_UINT_8( 0xF5, 0xA8, 0x0D, 0x81, 0x59, 0xC4, 0x79, 0x98 ),
+ BYTES_TO_T_UINT_8( 0xA3, 0xF3, 0x4B, 0x92, 0x65, 0xC3, 0x31, 0xAD ),
+ BYTES_TO_T_UINT_8( 0x75, 0xB5, 0x4F, 0x4D, 0x91, 0xD4, 0xE2, 0xB2 ),
+ BYTES_TO_T_UINT_8( 0x51, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_9_Y[] = {
+ BYTES_TO_T_UINT_8( 0x72, 0x09, 0x41, 0x79, 0x1D, 0x4D, 0x0D, 0x33 ),
+ BYTES_TO_T_UINT_8( 0xBB, 0x31, 0x18, 0xBA, 0xA0, 0xF2, 0x6E, 0x7E ),
+ BYTES_TO_T_UINT_8( 0x93, 0x5B, 0x4D, 0x4F, 0xAF, 0xC9, 0x8C, 0xA1 ),
+ BYTES_TO_T_UINT_8( 0x48, 0x99, 0x9C, 0x06, 0x68, 0xDE, 0xD8, 0x29 ),
+ BYTES_TO_T_UINT_8( 0xA0, 0x04, 0xE1, 0xB5, 0x9D, 0x00, 0xBC, 0xB8 ),
+ BYTES_TO_T_UINT_8( 0x61, 0x95, 0x92, 0x8D, 0x72, 0xD3, 0x37, 0x42 ),
+ BYTES_TO_T_UINT_8( 0xAB, 0x4B, 0x27, 0xA2, 0xE8, 0xA4, 0x26, 0xA1 ),
+ BYTES_TO_T_UINT_8( 0x4F, 0x45, 0x9C, 0xA9, 0xCB, 0x9F, 0xBA, 0x85 ),
+ BYTES_TO_T_UINT_8( 0xCB, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_10_X[] = {
+ BYTES_TO_T_UINT_8( 0x08, 0x7E, 0x1B, 0x64, 0xF4, 0xE8, 0xA5, 0x55 ),
+ BYTES_TO_T_UINT_8( 0xF7, 0x20, 0xA9, 0xCA, 0xF3, 0x89, 0xE5, 0xE1 ),
+ BYTES_TO_T_UINT_8( 0x83, 0xED, 0xFC, 0xAB, 0xD9, 0x0A, 0xB9, 0x07 ),
+ BYTES_TO_T_UINT_8( 0x08, 0x6F, 0x46, 0x7C, 0xCD, 0x78, 0xFF, 0x05 ),
+ BYTES_TO_T_UINT_8( 0x69, 0xAB, 0x71, 0x5A, 0x94, 0xAB, 0x20, 0x20 ),
+ BYTES_TO_T_UINT_8( 0xC2, 0x2E, 0xEE, 0x87, 0x57, 0x1F, 0xAD, 0xD3 ),
+ BYTES_TO_T_UINT_8( 0x91, 0x4C, 0x3D, 0xFB, 0x7E, 0xA1, 0x8B, 0x07 ),
+ BYTES_TO_T_UINT_8( 0x69, 0xCF, 0x07, 0x86, 0xBA, 0x53, 0x37, 0xCF ),
+ BYTES_TO_T_UINT_8( 0x38, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_10_Y[] = {
+ BYTES_TO_T_UINT_8( 0x00, 0x26, 0xB2, 0xB9, 0xE2, 0x91, 0xE3, 0xB5 ),
+ BYTES_TO_T_UINT_8( 0x79, 0xC9, 0x54, 0x84, 0x08, 0x3D, 0x0B, 0xD2 ),
+ BYTES_TO_T_UINT_8( 0x5D, 0xA8, 0x77, 0x2F, 0x64, 0x45, 0x99, 0x4C ),
+ BYTES_TO_T_UINT_8( 0x87, 0x96, 0x16, 0x1F, 0xDB, 0x96, 0x28, 0x97 ),
+ BYTES_TO_T_UINT_8( 0x83, 0x2B, 0x8D, 0xFF, 0xA2, 0x4F, 0x55, 0xD3 ),
+ BYTES_TO_T_UINT_8( 0x71, 0xE6, 0x48, 0xBD, 0x99, 0x3D, 0x12, 0x57 ),
+ BYTES_TO_T_UINT_8( 0x3F, 0x84, 0x59, 0xDA, 0xB9, 0xB6, 0x66, 0x12 ),
+ BYTES_TO_T_UINT_8( 0x6D, 0x78, 0x41, 0x92, 0xDF, 0xF4, 0x3F, 0x63 ),
+ BYTES_TO_T_UINT_8( 0x1F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_11_X[] = {
+ BYTES_TO_T_UINT_8( 0x7E, 0x86, 0x6F, 0x4F, 0xBF, 0x67, 0xDF, 0x2F ),
+ BYTES_TO_T_UINT_8( 0xF2, 0x2B, 0x1E, 0x5F, 0x00, 0xEA, 0xF6, 0x56 ),
+ BYTES_TO_T_UINT_8( 0x90, 0xB9, 0x6A, 0x89, 0xD8, 0xC0, 0xD7, 0xA7 ),
+ BYTES_TO_T_UINT_8( 0xCB, 0x9A, 0x32, 0x23, 0xA0, 0x02, 0x91, 0x58 ),
+ BYTES_TO_T_UINT_8( 0x42, 0x7F, 0x6A, 0x15, 0x64, 0x6A, 0x8B, 0xBB ),
+ BYTES_TO_T_UINT_8( 0x8A, 0x57, 0x82, 0x58, 0xA9, 0x56, 0xB5, 0xFB ),
+ BYTES_TO_T_UINT_8( 0xDD, 0x50, 0x92, 0x60, 0xCC, 0x81, 0x24, 0xA8 ),
+ BYTES_TO_T_UINT_8( 0x36, 0x3D, 0xAD, 0xDA, 0xD9, 0x51, 0x3E, 0x57 ),
+ BYTES_TO_T_UINT_8( 0x5D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_11_Y[] = {
+ BYTES_TO_T_UINT_8( 0xEC, 0xFE, 0x8F, 0xB0, 0x0B, 0xDE, 0x2E, 0x7E ),
+ BYTES_TO_T_UINT_8( 0x79, 0xD2, 0xBE, 0xEF, 0xAC, 0x76, 0x71, 0xA3 ),
+ BYTES_TO_T_UINT_8( 0x55, 0xE8, 0x72, 0x0B, 0xAC, 0xFE, 0xCA, 0x5A ),
+ BYTES_TO_T_UINT_8( 0xAD, 0x5B, 0xC7, 0xFC, 0xE3, 0x3C, 0x7C, 0x4C ),
+ BYTES_TO_T_UINT_8( 0xA1, 0x04, 0xA7, 0xB9, 0x9B, 0x93, 0xC0, 0x2F ),
+ BYTES_TO_T_UINT_8( 0x41, 0x48, 0x4B, 0x8E, 0x32, 0xC5, 0xF0, 0x6B ),
+ BYTES_TO_T_UINT_8( 0xB0, 0x42, 0x07, 0xC1, 0xF2, 0xF1, 0x72, 0x5B ),
+ BYTES_TO_T_UINT_8( 0x1E, 0x37, 0x54, 0x9C, 0x88, 0xD2, 0x62, 0xAA ),
+ BYTES_TO_T_UINT_8( 0xC1, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_12_X[] = {
+ BYTES_TO_T_UINT_8( 0xC2, 0x19, 0x8A, 0x89, 0x58, 0xA2, 0x0F, 0xDB ),
+ BYTES_TO_T_UINT_8( 0x01, 0xCC, 0x4C, 0x97, 0x30, 0x66, 0x34, 0x26 ),
+ BYTES_TO_T_UINT_8( 0x83, 0x6A, 0x1E, 0x1F, 0xDB, 0xC9, 0x5E, 0x13 ),
+ BYTES_TO_T_UINT_8( 0x1B, 0x4D, 0x49, 0xFF, 0x9B, 0x9C, 0xAC, 0x9B ),
+ BYTES_TO_T_UINT_8( 0xD7, 0xE4, 0x4B, 0xF2, 0xD4, 0x1A, 0xD2, 0x78 ),
+ BYTES_TO_T_UINT_8( 0xCD, 0xDA, 0xE8, 0x61, 0x9F, 0xC8, 0x49, 0x32 ),
+ BYTES_TO_T_UINT_8( 0x51, 0xCB, 0xF2, 0x2D, 0x85, 0xF6, 0x8D, 0x52 ),
+ BYTES_TO_T_UINT_8( 0xB7, 0xC5, 0xCD, 0x2C, 0x79, 0xC6, 0x0E, 0x4F ),
+ BYTES_TO_T_UINT_8( 0xDB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_12_Y[] = {
+ BYTES_TO_T_UINT_8( 0x73, 0x1D, 0x55, 0x0F, 0xF8, 0x22, 0x9F, 0x78 ),
+ BYTES_TO_T_UINT_8( 0x76, 0x56, 0xBA, 0xE7, 0x57, 0x32, 0xEC, 0x42 ),
+ BYTES_TO_T_UINT_8( 0x65, 0x9A, 0xC6, 0x4C, 0x09, 0xC4, 0x52, 0x3F ),
+ BYTES_TO_T_UINT_8( 0xB6, 0x1E, 0x6F, 0xF4, 0x7D, 0x27, 0xDD, 0xAF ),
+ BYTES_TO_T_UINT_8( 0x94, 0x11, 0x16, 0xEC, 0x79, 0x83, 0xAD, 0xAE ),
+ BYTES_TO_T_UINT_8( 0x46, 0x4E, 0x92, 0x1F, 0x19, 0x7D, 0x65, 0xDC ),
+ BYTES_TO_T_UINT_8( 0x09, 0xFF, 0x78, 0x15, 0x45, 0x63, 0x32, 0xE4 ),
+ BYTES_TO_T_UINT_8( 0xBF, 0x91, 0xD0, 0x78, 0x58, 0xDA, 0x50, 0x47 ),
+ BYTES_TO_T_UINT_8( 0x73, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_13_X[] = {
+ BYTES_TO_T_UINT_8( 0x23, 0xDE, 0x40, 0xF6, 0x41, 0xB4, 0x3B, 0x95 ),
+ BYTES_TO_T_UINT_8( 0xC6, 0x8D, 0xE0, 0xE1, 0xA9, 0xF0, 0x35, 0x5D ),
+ BYTES_TO_T_UINT_8( 0xE6, 0xD4, 0xBA, 0x7B, 0xCC, 0x1B, 0x3A, 0x32 ),
+ BYTES_TO_T_UINT_8( 0xD0, 0x5A, 0x2E, 0x74, 0x47, 0x14, 0xC3, 0x4D ),
+ BYTES_TO_T_UINT_8( 0x7D, 0xF0, 0x8B, 0x06, 0x15, 0x8E, 0x0E, 0xCA ),
+ BYTES_TO_T_UINT_8( 0xB5, 0xD2, 0xEB, 0x97, 0x50, 0x7D, 0x31, 0xFC ),
+ BYTES_TO_T_UINT_8( 0x42, 0x93, 0x4C, 0xDB, 0x97, 0x79, 0x44, 0xF5 ),
+ BYTES_TO_T_UINT_8( 0x9C, 0xA2, 0xA0, 0x0B, 0xC8, 0x3A, 0x8A, 0xF9 ),
+ BYTES_TO_T_UINT_8( 0x61, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_13_Y[] = {
+ BYTES_TO_T_UINT_8( 0x79, 0x50, 0x92, 0x9E, 0x24, 0x1F, 0xCB, 0x4C ),
+ BYTES_TO_T_UINT_8( 0xD3, 0x16, 0xC9, 0xC5, 0x3D, 0x5A, 0xAF, 0x97 ),
+ BYTES_TO_T_UINT_8( 0x18, 0xE3, 0x97, 0xE4, 0xA8, 0x50, 0xF6, 0x7E ),
+ BYTES_TO_T_UINT_8( 0x45, 0x57, 0x97, 0x42, 0x78, 0x92, 0x49, 0x0D ),
+ BYTES_TO_T_UINT_8( 0xA5, 0xEB, 0x62, 0x24, 0xFB, 0x8F, 0x32, 0xCF ),
+ BYTES_TO_T_UINT_8( 0xF3, 0x0C, 0x36, 0x6E, 0x8F, 0xE8, 0xE8, 0x8E ),
+ BYTES_TO_T_UINT_8( 0xC2, 0xD3, 0x7C, 0xC7, 0x8D, 0x3F, 0x5C, 0xE1 ),
+ BYTES_TO_T_UINT_8( 0x6A, 0x64, 0x6A, 0x73, 0x10, 0x79, 0xB8, 0x5A ),
+ BYTES_TO_T_UINT_8( 0xCB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_14_X[] = {
+ BYTES_TO_T_UINT_8( 0x51, 0xF9, 0xEF, 0xA5, 0x20, 0x4A, 0x5C, 0xA1 ),
+ BYTES_TO_T_UINT_8( 0x2F, 0xF3, 0xF4, 0x49, 0x5B, 0x73, 0xAA, 0x1B ),
+ BYTES_TO_T_UINT_8( 0xC6, 0xF2, 0xEA, 0x0F, 0x00, 0xAD, 0x53, 0xAB ),
+ BYTES_TO_T_UINT_8( 0x03, 0xB8, 0x66, 0xED, 0xC4, 0x2B, 0x4C, 0x35 ),
+ BYTES_TO_T_UINT_8( 0x3A, 0x2F, 0xC1, 0x9A, 0x37, 0xD2, 0x7F, 0x58 ),
+ BYTES_TO_T_UINT_8( 0x29, 0xA7, 0x81, 0x38, 0x64, 0xC9, 0x37, 0x38 ),
+ BYTES_TO_T_UINT_8( 0xBE, 0x3B, 0x6C, 0x9F, 0x5B, 0xD9, 0x8B, 0x1D ),
+ BYTES_TO_T_UINT_8( 0xB6, 0x14, 0xD9, 0x08, 0xD8, 0xD2, 0x7E, 0x23 ),
+ BYTES_TO_T_UINT_8( 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_14_Y[] = {
+ BYTES_TO_T_UINT_8( 0x15, 0x71, 0xE6, 0x3D, 0xD1, 0xB0, 0xE7, 0xCD ),
+ BYTES_TO_T_UINT_8( 0x5B, 0x81, 0x23, 0xEC, 0x2D, 0x42, 0x45, 0xE6 ),
+ BYTES_TO_T_UINT_8( 0x51, 0x5B, 0x44, 0x6B, 0x89, 0x03, 0x67, 0x28 ),
+ BYTES_TO_T_UINT_8( 0x84, 0x27, 0xAE, 0x80, 0x5A, 0x33, 0xBE, 0x11 ),
+ BYTES_TO_T_UINT_8( 0xE3, 0xB6, 0x64, 0x1A, 0xDF, 0xD3, 0x85, 0x91 ),
+ BYTES_TO_T_UINT_8( 0x67, 0x8C, 0x22, 0xBA, 0xD0, 0xBD, 0xCC, 0xA0 ),
+ BYTES_TO_T_UINT_8( 0xF7, 0x3C, 0x01, 0x3A, 0xFF, 0x9D, 0xC7, 0x6B ),
+ BYTES_TO_T_UINT_8( 0x0C, 0xC7, 0x64, 0xB4, 0x59, 0x4E, 0x9F, 0x22 ),
+ BYTES_TO_T_UINT_8( 0x85, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_15_X[] = {
+ BYTES_TO_T_UINT_8( 0xA1, 0x34, 0x0A, 0x41, 0x94, 0xA8, 0xF2, 0xB7 ),
+ BYTES_TO_T_UINT_8( 0xF6, 0xD4, 0xE4, 0xF0, 0x97, 0x45, 0x6D, 0xCA ),
+ BYTES_TO_T_UINT_8( 0x8F, 0x1F, 0x4D, 0x6D, 0xFE, 0xA0, 0xC4, 0x84 ),
+ BYTES_TO_T_UINT_8( 0x1D, 0x28, 0x5C, 0x40, 0xBB, 0x65, 0xD4, 0x42 ),
+ BYTES_TO_T_UINT_8( 0x98, 0xA8, 0x87, 0x35, 0x20, 0x3A, 0x89, 0x44 ),
+ BYTES_TO_T_UINT_8( 0xD6, 0xFD, 0x4F, 0xAB, 0x2D, 0xD1, 0xD0, 0xC0 ),
+ BYTES_TO_T_UINT_8( 0x86, 0xE8, 0x00, 0xFC, 0x69, 0x52, 0xF8, 0xD5 ),
+ BYTES_TO_T_UINT_8( 0xE1, 0x9A, 0x99, 0xE1, 0xDC, 0x9C, 0x3F, 0xD9 ),
+ BYTES_TO_T_UINT_8( 0x99, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_15_Y[] = {
+ BYTES_TO_T_UINT_8( 0x12, 0x08, 0x98, 0xD9, 0xCA, 0x73, 0xD5, 0xA9 ),
+ BYTES_TO_T_UINT_8( 0xB9, 0x2C, 0xE0, 0xA7, 0x3E, 0x91, 0xD7, 0x87 ),
+ BYTES_TO_T_UINT_8( 0x68, 0x04, 0xB0, 0x54, 0x09, 0xF4, 0x72, 0xB7 ),
+ BYTES_TO_T_UINT_8( 0xC8, 0xEE, 0x28, 0xCC, 0xE8, 0x50, 0x78, 0x20 ),
+ BYTES_TO_T_UINT_8( 0x0D, 0x91, 0x03, 0x76, 0xDB, 0x68, 0x24, 0x77 ),
+ BYTES_TO_T_UINT_8( 0x7A, 0xE0, 0x56, 0xB2, 0x5D, 0x12, 0xD3, 0xB5 ),
+ BYTES_TO_T_UINT_8( 0x0D, 0x42, 0x59, 0x8B, 0xDF, 0x67, 0xB5, 0xBE ),
+ BYTES_TO_T_UINT_8( 0xD1, 0xCC, 0xE5, 0x31, 0x53, 0x7A, 0x46, 0xB3 ),
+ BYTES_TO_T_UINT_8( 0xDA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_16_X[] = {
+ BYTES_TO_T_UINT_8( 0xCC, 0x8D, 0x59, 0xB5, 0x1B, 0x0F, 0xF4, 0xAF ),
+ BYTES_TO_T_UINT_8( 0xD9, 0x2F, 0xD1, 0x2C, 0xE0, 0xD8, 0x04, 0xEF ),
+ BYTES_TO_T_UINT_8( 0xAC, 0xF4, 0xD7, 0xBA, 0xB0, 0xA3, 0x7E, 0xC9 ),
+ BYTES_TO_T_UINT_8( 0xCD, 0x08, 0x51, 0x56, 0xA6, 0x76, 0x67, 0x33 ),
+ BYTES_TO_T_UINT_8( 0x8C, 0x17, 0x63, 0xFE, 0x56, 0xD0, 0xD9, 0x71 ),
+ BYTES_TO_T_UINT_8( 0xAA, 0xF6, 0xC3, 0x14, 0x47, 0xC5, 0xA7, 0x31 ),
+ BYTES_TO_T_UINT_8( 0x72, 0x4C, 0x80, 0xF6, 0xA2, 0x57, 0xA7, 0x5D ),
+ BYTES_TO_T_UINT_8( 0x11, 0xB3, 0x7B, 0xF8, 0x2F, 0xE1, 0x3E, 0x7B ),
+ BYTES_TO_T_UINT_8( 0xFA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_16_Y[] = {
+ BYTES_TO_T_UINT_8( 0x26, 0xF4, 0xF9, 0x6B, 0x7B, 0x90, 0xDF, 0x30 ),
+ BYTES_TO_T_UINT_8( 0x1F, 0x82, 0xEF, 0x62, 0xA1, 0x4C, 0x53, 0xCA ),
+ BYTES_TO_T_UINT_8( 0xE6, 0x99, 0x76, 0x01, 0xBA, 0x8D, 0x0F, 0x54 ),
+ BYTES_TO_T_UINT_8( 0xAF, 0xF4, 0x58, 0x73, 0x56, 0xFE, 0xDD, 0x7C ),
+ BYTES_TO_T_UINT_8( 0xF6, 0xCE, 0xF9, 0xE8, 0xA1, 0x34, 0xC3, 0x5B ),
+ BYTES_TO_T_UINT_8( 0x09, 0x5F, 0xDC, 0x6A, 0x3D, 0xD8, 0x7F, 0x42 ),
+ BYTES_TO_T_UINT_8( 0xC2, 0xF4, 0x51, 0xB8, 0xB8, 0xC1, 0xD7, 0x2F ),
+ BYTES_TO_T_UINT_8( 0xAE, 0x7D, 0x58, 0xD1, 0xD4, 0x1B, 0x4D, 0x23 ),
+ BYTES_TO_T_UINT_8( 0xD3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_17_X[] = {
+ BYTES_TO_T_UINT_8( 0xB9, 0x95, 0xDF, 0x00, 0xD8, 0x21, 0xDE, 0x94 ),
+ BYTES_TO_T_UINT_8( 0xF7, 0x47, 0x3C, 0xC3, 0xB2, 0x01, 0x53, 0x5D ),
+ BYTES_TO_T_UINT_8( 0x1E, 0x17, 0x43, 0x23, 0xBD, 0xCA, 0x71, 0xF2 ),
+ BYTES_TO_T_UINT_8( 0x70, 0xBA, 0x0F, 0x4F, 0xDC, 0x41, 0x54, 0xBE ),
+ BYTES_TO_T_UINT_8( 0xD6, 0x39, 0x26, 0x70, 0x53, 0x32, 0x18, 0x11 ),
+ BYTES_TO_T_UINT_8( 0x32, 0x46, 0x07, 0x97, 0x3A, 0x57, 0xE0, 0x01 ),
+ BYTES_TO_T_UINT_8( 0xD6, 0x92, 0x4F, 0xCE, 0xDF, 0x25, 0x80, 0x26 ),
+ BYTES_TO_T_UINT_8( 0x5B, 0x6F, 0x9A, 0x03, 0x05, 0x4B, 0xD1, 0x47 ),
+ BYTES_TO_T_UINT_8( 0x5D, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_17_Y[] = {
+ BYTES_TO_T_UINT_8( 0x25, 0x01, 0x72, 0x30, 0x90, 0x17, 0x51, 0x20 ),
+ BYTES_TO_T_UINT_8( 0x74, 0xFB, 0x41, 0x65, 0x5C, 0xB4, 0x2D, 0xEE ),
+ BYTES_TO_T_UINT_8( 0x66, 0xCD, 0xCD, 0xAA, 0x41, 0xCC, 0xBB, 0x07 ),
+ BYTES_TO_T_UINT_8( 0xD4, 0xCE, 0x08, 0x0A, 0x63, 0xE9, 0xA2, 0xFF ),
+ BYTES_TO_T_UINT_8( 0x3D, 0xA8, 0x21, 0x7F, 0x7A, 0x5B, 0x9B, 0x81 ),
+ BYTES_TO_T_UINT_8( 0x10, 0x6B, 0x89, 0x44, 0x0A, 0x7F, 0x85, 0x5F ),
+ BYTES_TO_T_UINT_8( 0x7D, 0xDE, 0x7C, 0x19, 0x5C, 0x65, 0x26, 0x61 ),
+ BYTES_TO_T_UINT_8( 0xD7, 0xAC, 0x62, 0x29, 0x4A, 0xF1, 0xD0, 0x81 ),
+ BYTES_TO_T_UINT_8( 0x38, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_18_X[] = {
+ BYTES_TO_T_UINT_8( 0x32, 0x00, 0x40, 0x87, 0xEB, 0xA9, 0x58, 0x56 ),
+ BYTES_TO_T_UINT_8( 0xAF, 0x51, 0x0B, 0xFF, 0x56, 0x35, 0x51, 0xB3 ),
+ BYTES_TO_T_UINT_8( 0x7B, 0xAC, 0x08, 0x94, 0x71, 0xDA, 0xEC, 0x99 ),
+ BYTES_TO_T_UINT_8( 0x5F, 0x4D, 0xC5, 0x7B, 0x31, 0x8B, 0x8D, 0x5E ),
+ BYTES_TO_T_UINT_8( 0x15, 0x05, 0xF1, 0x3E, 0x9E, 0x8F, 0x17, 0x8F ),
+ BYTES_TO_T_UINT_8( 0xF0, 0x9C, 0x4B, 0x62, 0x94, 0xAD, 0x49, 0xFC ),
+ BYTES_TO_T_UINT_8( 0x0F, 0xC9, 0xC6, 0x8F, 0xFD, 0x33, 0x44, 0x34 ),
+ BYTES_TO_T_UINT_8( 0x5F, 0x96, 0x17, 0x7F, 0x42, 0xBE, 0xF7, 0x0D ),
+ BYTES_TO_T_UINT_8( 0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_18_Y[] = {
+ BYTES_TO_T_UINT_8( 0xFB, 0x29, 0x39, 0x13, 0x08, 0x8D, 0x91, 0x47 ),
+ BYTES_TO_T_UINT_8( 0xF6, 0x79, 0xF9, 0x2F, 0xA9, 0x0A, 0xCF, 0xD6 ),
+ BYTES_TO_T_UINT_8( 0xAB, 0x87, 0x7A, 0xA3, 0x19, 0xAB, 0x55, 0xAD ),
+ BYTES_TO_T_UINT_8( 0xE8, 0x0B, 0x01, 0xC5, 0x56, 0x19, 0x9D, 0x9E ),
+ BYTES_TO_T_UINT_8( 0x19, 0xDE, 0x82, 0x3B, 0xEA, 0xD3, 0x0B, 0x8C ),
+ BYTES_TO_T_UINT_8( 0x65, 0x6B, 0xC7, 0xF3, 0x0F, 0x82, 0x87, 0x6C ),
+ BYTES_TO_T_UINT_8( 0xD8, 0x2E, 0x23, 0xF2, 0x39, 0x9D, 0x49, 0x70 ),
+ BYTES_TO_T_UINT_8( 0x31, 0xDE, 0xAF, 0x7A, 0xEE, 0xB0, 0xDA, 0x70 ),
+ BYTES_TO_T_UINT_8( 0x63, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_19_X[] = {
+ BYTES_TO_T_UINT_8( 0x76, 0x4E, 0x2A, 0x50, 0xFD, 0x8E, 0xC0, 0xEB ),
+ BYTES_TO_T_UINT_8( 0x52, 0x0F, 0x7C, 0x76, 0x63, 0xD8, 0x89, 0x45 ),
+ BYTES_TO_T_UINT_8( 0xEC, 0x2D, 0xB9, 0x4E, 0xF4, 0xEE, 0x85, 0xCF ),
+ BYTES_TO_T_UINT_8( 0xC1, 0x95, 0x5C, 0x96, 0x5D, 0xAA, 0x59, 0x0B ),
+ BYTES_TO_T_UINT_8( 0xCA, 0xDB, 0xD2, 0x68, 0x8E, 0x5A, 0x94, 0x60 ),
+ BYTES_TO_T_UINT_8( 0xD9, 0x02, 0xBF, 0x77, 0x9F, 0xB9, 0x4C, 0xC9 ),
+ BYTES_TO_T_UINT_8( 0x2D, 0xDC, 0xC0, 0xCF, 0x81, 0x1E, 0xC4, 0x6C ),
+ BYTES_TO_T_UINT_8( 0x2B, 0xCC, 0x37, 0x86, 0xDC, 0xE2, 0x64, 0x72 ),
+ BYTES_TO_T_UINT_8( 0xD5, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_19_Y[] = {
+ BYTES_TO_T_UINT_8( 0x2C, 0x30, 0xB1, 0x59, 0x20, 0x9D, 0x98, 0x28 ),
+ BYTES_TO_T_UINT_8( 0x77, 0x0C, 0x9D, 0xF8, 0x20, 0xDC, 0x90, 0xBA ),
+ BYTES_TO_T_UINT_8( 0xB1, 0xA0, 0xF4, 0xE7, 0x3E, 0x9C, 0x9E, 0xA2 ),
+ BYTES_TO_T_UINT_8( 0xB5, 0x25, 0xA2, 0xB0, 0x54, 0xCD, 0x2E, 0x33 ),
+ BYTES_TO_T_UINT_8( 0xEA, 0xD9, 0x42, 0xB0, 0x80, 0xB0, 0xA3, 0x38 ),
+ BYTES_TO_T_UINT_8( 0x9F, 0xFE, 0x9D, 0x8D, 0x40, 0xFF, 0x27, 0x6D ),
+ BYTES_TO_T_UINT_8( 0x3A, 0x9D, 0xA6, 0x88, 0x3A, 0x8B, 0x6F, 0x14 ),
+ BYTES_TO_T_UINT_8( 0xB6, 0x39, 0xEE, 0x1F, 0x3F, 0xB1, 0x4F, 0x63 ),
+ BYTES_TO_T_UINT_8( 0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_20_X[] = {
+ BYTES_TO_T_UINT_8( 0x6D, 0xD7, 0x9E, 0xFF, 0xD2, 0x35, 0x67, 0x03 ),
+ BYTES_TO_T_UINT_8( 0xCA, 0x4F, 0x15, 0x5D, 0xE3, 0xE8, 0x53, 0x86 ),
+ BYTES_TO_T_UINT_8( 0x92, 0xF7, 0x24, 0x98, 0xA2, 0xCB, 0x11, 0x68 ),
+ BYTES_TO_T_UINT_8( 0x06, 0x2E, 0x25, 0xE1, 0x94, 0xC5, 0xA3, 0x96 ),
+ BYTES_TO_T_UINT_8( 0xE0, 0x82, 0x6E, 0xBA, 0xE7, 0x43, 0x25, 0xB0 ),
+ BYTES_TO_T_UINT_8( 0x18, 0x65, 0xB4, 0x49, 0x73, 0x18, 0x35, 0x54 ),
+ BYTES_TO_T_UINT_8( 0x59, 0x5B, 0xBC, 0x62, 0x86, 0x4C, 0xC1, 0xB7 ),
+ BYTES_TO_T_UINT_8( 0x9B, 0xF2, 0x95, 0xA2, 0xBB, 0xA2, 0x35, 0x65 ),
+ BYTES_TO_T_UINT_8( 0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_20_Y[] = {
+ BYTES_TO_T_UINT_8( 0x72, 0x59, 0x62, 0xB0, 0x4B, 0x1E, 0xB4, 0xD8 ),
+ BYTES_TO_T_UINT_8( 0x0D, 0x55, 0xCE, 0xB0, 0x69, 0xBA, 0x63, 0x10 ),
+ BYTES_TO_T_UINT_8( 0x6E, 0x69, 0x86, 0xDB, 0x34, 0x7D, 0x68, 0x64 ),
+ BYTES_TO_T_UINT_8( 0xDA, 0x06, 0xCA, 0x55, 0x44, 0x36, 0x2B, 0xBA ),
+ BYTES_TO_T_UINT_8( 0x6C, 0xD4, 0xC4, 0x3D, 0xCD, 0x9E, 0x69, 0xA4 ),
+ BYTES_TO_T_UINT_8( 0x3F, 0x44, 0xE4, 0xBF, 0x31, 0xE6, 0x40, 0x9F ),
+ BYTES_TO_T_UINT_8( 0x7E, 0x4F, 0xFA, 0x75, 0xE3, 0xFB, 0x97, 0x0E ),
+ BYTES_TO_T_UINT_8( 0x08, 0xC0, 0xBD, 0x1C, 0x48, 0xB0, 0x26, 0xD0 ),
+ BYTES_TO_T_UINT_8( 0xD2, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_21_X[] = {
+ BYTES_TO_T_UINT_8( 0x1C, 0x7B, 0x32, 0xFA, 0xF2, 0x6D, 0x84, 0x8E ),
+ BYTES_TO_T_UINT_8( 0xA0, 0x21, 0x03, 0x1D, 0x0D, 0x22, 0x55, 0x67 ),
+ BYTES_TO_T_UINT_8( 0x18, 0xF9, 0x42, 0x03, 0x9C, 0xC2, 0xCB, 0xBA ),
+ BYTES_TO_T_UINT_8( 0xF8, 0xA1, 0x96, 0xD9, 0x9D, 0x11, 0x6F, 0xBE ),
+ BYTES_TO_T_UINT_8( 0xFF, 0x40, 0x57, 0xEB, 0x40, 0x2D, 0xC0, 0x11 ),
+ BYTES_TO_T_UINT_8( 0x2F, 0x96, 0xBB, 0x4F, 0x2F, 0x23, 0xA8, 0x28 ),
+ BYTES_TO_T_UINT_8( 0x3A, 0x29, 0x85, 0x21, 0xA5, 0x50, 0x62, 0x06 ),
+ BYTES_TO_T_UINT_8( 0xC9, 0x7D, 0x92, 0xCF, 0x87, 0x0C, 0x22, 0xF9 ),
+ BYTES_TO_T_UINT_8( 0xC9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_21_Y[] = {
+ BYTES_TO_T_UINT_8( 0x5A, 0x0E, 0xA5, 0x32, 0x5B, 0xDF, 0x9C, 0xD5 ),
+ BYTES_TO_T_UINT_8( 0x27, 0x96, 0x37, 0x2C, 0x88, 0x35, 0x30, 0xA1 ),
+ BYTES_TO_T_UINT_8( 0x40, 0xB4, 0x69, 0xFF, 0xEB, 0xC6, 0x94, 0x08 ),
+ BYTES_TO_T_UINT_8( 0xC9, 0x55, 0x60, 0xAD, 0xAA, 0x58, 0x14, 0x88 ),
+ BYTES_TO_T_UINT_8( 0x3C, 0xFF, 0xF2, 0xB2, 0xD5, 0xA7, 0xD9, 0x27 ),
+ BYTES_TO_T_UINT_8( 0x2D, 0xAE, 0x54, 0xD2, 0x60, 0x31, 0xF3, 0x15 ),
+ BYTES_TO_T_UINT_8( 0xBB, 0x92, 0x83, 0xE3, 0xF1, 0x42, 0x83, 0x6E ),
+ BYTES_TO_T_UINT_8( 0x49, 0xD2, 0xC8, 0xB7, 0x76, 0x45, 0x7F, 0x7D ),
+ BYTES_TO_T_UINT_8( 0x04, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_22_X[] = {
+ BYTES_TO_T_UINT_8( 0x4A, 0x11, 0xA4, 0xFB, 0x7A, 0x01, 0xBC, 0xC8 ),
+ BYTES_TO_T_UINT_8( 0xCD, 0x27, 0x73, 0x8D, 0x02, 0x91, 0x27, 0x8E ),
+ BYTES_TO_T_UINT_8( 0xA4, 0x62, 0xF6, 0xDD, 0x6B, 0xFA, 0x5B, 0xB9 ),
+ BYTES_TO_T_UINT_8( 0xEF, 0xCA, 0xA2, 0x44, 0x2C, 0xF0, 0x28, 0xD8 ),
+ BYTES_TO_T_UINT_8( 0x3C, 0xF1, 0x7A, 0xA2, 0x42, 0x4C, 0x50, 0xC6 ),
+ BYTES_TO_T_UINT_8( 0x2D, 0x83, 0x3E, 0x50, 0xAB, 0x9C, 0xF7, 0x67 ),
+ BYTES_TO_T_UINT_8( 0x1D, 0xED, 0x78, 0xCB, 0x76, 0x69, 0xDA, 0x42 ),
+ BYTES_TO_T_UINT_8( 0xDB, 0x01, 0x1E, 0x43, 0x27, 0x47, 0x6E, 0xDA ),
+ BYTES_TO_T_UINT_8( 0x94, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_22_Y[] = {
+ BYTES_TO_T_UINT_8( 0xD3, 0x4F, 0x54, 0xB9, 0x3E, 0xBD, 0xD5, 0x44 ),
+ BYTES_TO_T_UINT_8( 0xC9, 0x35, 0x40, 0x69, 0x7F, 0x74, 0x9D, 0x32 ),
+ BYTES_TO_T_UINT_8( 0x5A, 0x06, 0x6F, 0x67, 0x68, 0x2B, 0x4D, 0x10 ),
+ BYTES_TO_T_UINT_8( 0xC6, 0x65, 0x41, 0xFC, 0x7C, 0x1E, 0xE8, 0xC8 ),
+ BYTES_TO_T_UINT_8( 0xF2, 0x79, 0x37, 0xAF, 0xFD, 0xD2, 0xDA, 0x4C ),
+ BYTES_TO_T_UINT_8( 0x33, 0xA8, 0x69, 0x56, 0x62, 0xA4, 0xE4, 0xA3 ),
+ BYTES_TO_T_UINT_8( 0x42, 0x71, 0x73, 0x21, 0x8A, 0x17, 0x81, 0xA2 ),
+ BYTES_TO_T_UINT_8( 0x14, 0x55, 0x8F, 0x7B, 0xB8, 0xAF, 0xF7, 0x86 ),
+ BYTES_TO_T_UINT_8( 0xAA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_23_X[] = {
+ BYTES_TO_T_UINT_8( 0x4B, 0xD1, 0xBD, 0xBE, 0x8C, 0xBC, 0x60, 0x6E ),
+ BYTES_TO_T_UINT_8( 0x62, 0xA6, 0x57, 0x8C, 0xAE, 0x5C, 0x19, 0xFE ),
+ BYTES_TO_T_UINT_8( 0x7A, 0x43, 0xE4, 0xD9, 0xD8, 0x7B, 0xE7, 0x41 ),
+ BYTES_TO_T_UINT_8( 0xED, 0xB9, 0xE4, 0x85, 0x7C, 0x2E, 0xFC, 0x20 ),
+ BYTES_TO_T_UINT_8( 0x02, 0x2E, 0x01, 0x2A, 0x6D, 0x56, 0xBE, 0x97 ),
+ BYTES_TO_T_UINT_8( 0x6A, 0x0C, 0x25, 0x9B, 0xAE, 0x86, 0x37, 0x43 ),
+ BYTES_TO_T_UINT_8( 0x4A, 0x22, 0xB3, 0xCB, 0x99, 0x66, 0xB7, 0x9E ),
+ BYTES_TO_T_UINT_8( 0x56, 0xF7, 0x90, 0xF0, 0x1B, 0x09, 0x27, 0xF7 ),
+ BYTES_TO_T_UINT_8( 0xC8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_23_Y[] = {
+ BYTES_TO_T_UINT_8( 0x1C, 0x16, 0x08, 0xEF, 0x39, 0x64, 0x49, 0x31 ),
+ BYTES_TO_T_UINT_8( 0x08, 0xA0, 0xE3, 0x97, 0xA9, 0x07, 0x54, 0x26 ),
+ BYTES_TO_T_UINT_8( 0xCD, 0xFF, 0xE2, 0x00, 0x07, 0x21, 0x88, 0x20 ),
+ BYTES_TO_T_UINT_8( 0x16, 0xFD, 0x59, 0x53, 0x05, 0x6C, 0x42, 0x27 ),
+ BYTES_TO_T_UINT_8( 0x8F, 0xF7, 0x39, 0x5C, 0x82, 0x36, 0xE8, 0x03 ),
+ BYTES_TO_T_UINT_8( 0x2E, 0x83, 0xA8, 0xE2, 0xA8, 0x43, 0x07, 0x38 ),
+ BYTES_TO_T_UINT_8( 0xE6, 0xAF, 0x2B, 0x79, 0xED, 0xD8, 0x39, 0x87 ),
+ BYTES_TO_T_UINT_8( 0x15, 0x20, 0x91, 0x7A, 0xC4, 0x07, 0xEF, 0x6C ),
+ BYTES_TO_T_UINT_8( 0x28, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_24_X[] = {
+ BYTES_TO_T_UINT_8( 0x6A, 0x10, 0x2F, 0xAA, 0x0C, 0x94, 0x0E, 0x5A ),
+ BYTES_TO_T_UINT_8( 0xB7, 0x81, 0x87, 0x41, 0x23, 0xEB, 0x55, 0x7C ),
+ BYTES_TO_T_UINT_8( 0xB8, 0x53, 0xCC, 0x79, 0xB6, 0xEB, 0x6C, 0xCC ),
+ BYTES_TO_T_UINT_8( 0xF4, 0x77, 0x73, 0x9D, 0xFC, 0x64, 0x6F, 0x7F ),
+ BYTES_TO_T_UINT_8( 0x3C, 0x40, 0xE3, 0x6D, 0x1C, 0x16, 0x71, 0x15 ),
+ BYTES_TO_T_UINT_8( 0x5A, 0xF4, 0x1B, 0xFF, 0x1C, 0x2F, 0xA5, 0xD7 ),
+ BYTES_TO_T_UINT_8( 0x06, 0x0E, 0x0B, 0x11, 0xF4, 0x8D, 0x93, 0xAF ),
+ BYTES_TO_T_UINT_8( 0x58, 0xC5, 0x64, 0x6F, 0x24, 0x19, 0xF2, 0x9B ),
+ BYTES_TO_T_UINT_8( 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_24_Y[] = {
+ BYTES_TO_T_UINT_8( 0x52, 0xB3, 0xAF, 0xA5, 0x0E, 0x4F, 0x5E, 0xE1 ),
+ BYTES_TO_T_UINT_8( 0x0F, 0x77, 0xCA, 0xF2, 0x6D, 0xC5, 0xF6, 0x9F ),
+ BYTES_TO_T_UINT_8( 0x90, 0x18, 0x8E, 0x33, 0x68, 0x6C, 0xE8, 0xE0 ),
+ BYTES_TO_T_UINT_8( 0xFC, 0x8B, 0x80, 0x90, 0x19, 0x7F, 0x90, 0x96 ),
+ BYTES_TO_T_UINT_8( 0x5B, 0x80, 0x6B, 0x68, 0xE2, 0x7D, 0xD4, 0xD0 ),
+ BYTES_TO_T_UINT_8( 0x2A, 0xC1, 0x67, 0xB3, 0x72, 0xCB, 0xBF, 0x2F ),
+ BYTES_TO_T_UINT_8( 0x4F, 0xD5, 0xD3, 0x1D, 0x14, 0x58, 0x0A, 0x80 ),
+ BYTES_TO_T_UINT_8( 0x79, 0x7A, 0x65, 0x98, 0xB3, 0x07, 0x4B, 0x2F ),
+ BYTES_TO_T_UINT_8( 0xF3, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_25_X[] = {
+ BYTES_TO_T_UINT_8( 0x2A, 0x87, 0x0F, 0x5F, 0xCF, 0xA2, 0x01, 0x08 ),
+ BYTES_TO_T_UINT_8( 0x0C, 0xC9, 0xC8, 0x6E, 0x35, 0x87, 0xA5, 0x67 ),
+ BYTES_TO_T_UINT_8( 0x94, 0x3E, 0x91, 0xA0, 0xAB, 0x24, 0x1E, 0xF2 ),
+ BYTES_TO_T_UINT_8( 0xB9, 0xBC, 0x02, 0x35, 0x70, 0xC1, 0x5F, 0x98 ),
+ BYTES_TO_T_UINT_8( 0x26, 0x59, 0xA0, 0x50, 0x04, 0x80, 0x52, 0x85 ),
+ BYTES_TO_T_UINT_8( 0xF8, 0x56, 0x6E, 0x42, 0x8F, 0x8C, 0x91, 0x65 ),
+ BYTES_TO_T_UINT_8( 0xAC, 0xA2, 0xCB, 0xA5, 0xDE, 0x14, 0x24, 0x38 ),
+ BYTES_TO_T_UINT_8( 0x00, 0xCB, 0x74, 0x28, 0xE6, 0xA7, 0xE7, 0xC3 ),
+ BYTES_TO_T_UINT_8( 0x5F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_25_Y[] = {
+ BYTES_TO_T_UINT_8( 0x35, 0x73, 0xA8, 0x8F, 0x9E, 0x0E, 0x63, 0x96 ),
+ BYTES_TO_T_UINT_8( 0xC8, 0x1B, 0x77, 0xC7, 0xC1, 0x38, 0xF9, 0xDC ),
+ BYTES_TO_T_UINT_8( 0xD8, 0x3C, 0xCF, 0xA8, 0x7A, 0xD7, 0xF3, 0xC4 ),
+ BYTES_TO_T_UINT_8( 0xDD, 0x5F, 0x9A, 0xC9, 0xAD, 0xE9, 0x1A, 0x93 ),
+ BYTES_TO_T_UINT_8( 0xFC, 0xCF, 0x2B, 0x5E, 0xD5, 0x81, 0x95, 0xA8 ),
+ BYTES_TO_T_UINT_8( 0x19, 0x88, 0x75, 0x29, 0x1F, 0xC7, 0xC7, 0xD0 ),
+ BYTES_TO_T_UINT_8( 0xD8, 0xA9, 0x5A, 0x4D, 0x63, 0x95, 0xF9, 0x4E ),
+ BYTES_TO_T_UINT_8( 0xEB, 0xCD, 0x04, 0x8F, 0xCD, 0x91, 0xDE, 0xC6 ),
+ BYTES_TO_T_UINT_8( 0x71, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_26_X[] = {
+ BYTES_TO_T_UINT_8( 0x88, 0xD4, 0xFD, 0x25, 0x11, 0x99, 0x6E, 0xEA ),
+ BYTES_TO_T_UINT_8( 0xB0, 0x83, 0x01, 0x3D, 0xFB, 0x56, 0xA5, 0x4E ),
+ BYTES_TO_T_UINT_8( 0xC2, 0x3A, 0xDC, 0x74, 0xC2, 0xD7, 0xCF, 0xE8 ),
+ BYTES_TO_T_UINT_8( 0x8F, 0xBD, 0xF1, 0xDD, 0xA3, 0x07, 0x03, 0xE2 ),
+ BYTES_TO_T_UINT_8( 0x7B, 0xBE, 0xE9, 0x2E, 0x58, 0x84, 0x66, 0xFC ),
+ BYTES_TO_T_UINT_8( 0x71, 0x20, 0x78, 0x37, 0x79, 0x0B, 0xA6, 0x64 ),
+ BYTES_TO_T_UINT_8( 0xE3, 0xF2, 0xAC, 0x65, 0xC8, 0xC9, 0x2F, 0x61 ),
+ BYTES_TO_T_UINT_8( 0x26, 0x93, 0xE5, 0x0D, 0x0C, 0xC6, 0xB8, 0xCB ),
+ BYTES_TO_T_UINT_8( 0x9C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_26_Y[] = {
+ BYTES_TO_T_UINT_8( 0x69, 0xAD, 0x5C, 0x19, 0x12, 0x61, 0x0E, 0x25 ),
+ BYTES_TO_T_UINT_8( 0x39, 0x4F, 0x0B, 0x1F, 0x49, 0x7E, 0xCD, 0x81 ),
+ BYTES_TO_T_UINT_8( 0x46, 0x2E, 0x30, 0x61, 0xDB, 0x08, 0x68, 0x9B ),
+ BYTES_TO_T_UINT_8( 0x41, 0x78, 0xAF, 0xB3, 0x08, 0xC1, 0x69, 0xE5 ),
+ BYTES_TO_T_UINT_8( 0xC4, 0x5F, 0x5D, 0xC1, 0x57, 0x6F, 0xD8, 0x34 ),
+ BYTES_TO_T_UINT_8( 0x38, 0xD3, 0x6A, 0xF7, 0xFD, 0x86, 0xE5, 0xB3 ),
+ BYTES_TO_T_UINT_8( 0xA8, 0x63, 0xBD, 0x70, 0x7B, 0x47, 0xE8, 0x6D ),
+ BYTES_TO_T_UINT_8( 0x18, 0x62, 0xC8, 0x7E, 0x9D, 0x11, 0x2B, 0xA5 ),
+ BYTES_TO_T_UINT_8( 0xB6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_27_X[] = {
+ BYTES_TO_T_UINT_8( 0xE2, 0x84, 0xFD, 0xD5, 0x9A, 0x56, 0x7F, 0x5C ),
+ BYTES_TO_T_UINT_8( 0x7C, 0xBB, 0xA4, 0x6F, 0x12, 0x6E, 0x4D, 0xF8 ),
+ BYTES_TO_T_UINT_8( 0x1D, 0x08, 0xA1, 0x82, 0x9C, 0x62, 0x74, 0x7B ),
+ BYTES_TO_T_UINT_8( 0x9E, 0x58, 0x22, 0x05, 0x1D, 0x15, 0x35, 0x79 ),
+ BYTES_TO_T_UINT_8( 0x9A, 0x88, 0xCF, 0x5C, 0x05, 0x78, 0xFB, 0x94 ),
+ BYTES_TO_T_UINT_8( 0xAC, 0x6B, 0x2F, 0x79, 0x09, 0x73, 0x67, 0xEC ),
+ BYTES_TO_T_UINT_8( 0xD8, 0xA0, 0x80, 0xD8, 0xE8, 0xEC, 0xFB, 0x42 ),
+ BYTES_TO_T_UINT_8( 0xF5, 0xE7, 0x0B, 0xB7, 0x81, 0x48, 0x7B, 0xD9 ),
+ BYTES_TO_T_UINT_8( 0xE3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_27_Y[] = {
+ BYTES_TO_T_UINT_8( 0xE8, 0x53, 0xA9, 0xED, 0x61, 0x92, 0xD7, 0x85 ),
+ BYTES_TO_T_UINT_8( 0x26, 0x49, 0xD9, 0x5D, 0x9B, 0x4E, 0x89, 0x35 ),
+ BYTES_TO_T_UINT_8( 0xB8, 0x12, 0xEB, 0x9A, 0xC9, 0xCB, 0xC1, 0x95 ),
+ BYTES_TO_T_UINT_8( 0x35, 0xDC, 0x95, 0x16, 0xFE, 0x29, 0x70, 0x01 ),
+ BYTES_TO_T_UINT_8( 0x64, 0x33, 0xB1, 0xD6, 0x78, 0xB9, 0xE2, 0x36 ),
+ BYTES_TO_T_UINT_8( 0x34, 0xCE, 0x88, 0xC3, 0xFD, 0x7A, 0x6B, 0xB8 ),
+ BYTES_TO_T_UINT_8( 0x40, 0x1E, 0x50, 0x1E, 0xAF, 0xB1, 0x25, 0x2D ),
+ BYTES_TO_T_UINT_8( 0xC1, 0xE7, 0xD7, 0xD5, 0xBD, 0x7A, 0x12, 0xF9 ),
+ BYTES_TO_T_UINT_8( 0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_28_X[] = {
+ BYTES_TO_T_UINT_8( 0x22, 0xAA, 0xA2, 0x80, 0x5D, 0x8F, 0xCD, 0xC8 ),
+ BYTES_TO_T_UINT_8( 0x48, 0x39, 0x79, 0x64, 0xA1, 0x67, 0x3C, 0xB7 ),
+ BYTES_TO_T_UINT_8( 0x3D, 0xC7, 0x49, 0xFF, 0x7F, 0xAC, 0xAB, 0x55 ),
+ BYTES_TO_T_UINT_8( 0x81, 0x54, 0x3E, 0x83, 0xF0, 0x3D, 0xBC, 0xB5 ),
+ BYTES_TO_T_UINT_8( 0x87, 0x92, 0x4A, 0x38, 0x42, 0x8A, 0xAB, 0xF6 ),
+ BYTES_TO_T_UINT_8( 0xE7, 0x0B, 0x4F, 0xEE, 0x9E, 0x92, 0xA5, 0xBE ),
+ BYTES_TO_T_UINT_8( 0xBA, 0xDD, 0x19, 0x96, 0xF2, 0xF0, 0x6B, 0x2E ),
+ BYTES_TO_T_UINT_8( 0xBE, 0xFC, 0xDD, 0xB2, 0x8A, 0xE5, 0x4C, 0x22 ),
+ BYTES_TO_T_UINT_8( 0xD4, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_28_Y[] = {
+ BYTES_TO_T_UINT_8( 0xB7, 0x06, 0x49, 0xAC, 0x99, 0x7E, 0xF8, 0x12 ),
+ BYTES_TO_T_UINT_8( 0x76, 0xC8, 0x01, 0x51, 0xEA, 0xF6, 0x52, 0xE7 ),
+ BYTES_TO_T_UINT_8( 0x43, 0x89, 0x66, 0x2B, 0x1F, 0x9B, 0x2A, 0xA3 ),
+ BYTES_TO_T_UINT_8( 0xDF, 0x0F, 0x95, 0x07, 0x2B, 0x6C, 0x6E, 0x9E ),
+ BYTES_TO_T_UINT_8( 0x24, 0xC3, 0xB4, 0xBB, 0x91, 0x1F, 0xA3, 0x72 ),
+ BYTES_TO_T_UINT_8( 0x5F, 0x6E, 0x54, 0x28, 0x7B, 0x9C, 0x79, 0x2E ),
+ BYTES_TO_T_UINT_8( 0x03, 0x45, 0xFF, 0xA6, 0xDA, 0xA2, 0x83, 0x71 ),
+ BYTES_TO_T_UINT_8( 0xEB, 0xDE, 0x8F, 0x17, 0x37, 0x82, 0xCB, 0xE2 ),
+ BYTES_TO_T_UINT_8( 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_29_X[] = {
+ BYTES_TO_T_UINT_8( 0xD8, 0x94, 0x3F, 0x26, 0xC9, 0x1D, 0xD9, 0xAE ),
+ BYTES_TO_T_UINT_8( 0x09, 0x97, 0x28, 0x20, 0xCD, 0xC1, 0xF3, 0x40 ),
+ BYTES_TO_T_UINT_8( 0x95, 0xC9, 0xB5, 0x60, 0x9B, 0x1E, 0xDC, 0x74 ),
+ BYTES_TO_T_UINT_8( 0x5B, 0xB9, 0x5B, 0x7D, 0xA0, 0xB2, 0x8C, 0xF0 ),
+ BYTES_TO_T_UINT_8( 0x33, 0xD1, 0x42, 0xE6, 0x39, 0x33, 0x6D, 0xBB ),
+ BYTES_TO_T_UINT_8( 0x5D, 0xC0, 0xFC, 0xD2, 0x14, 0x5D, 0x3E, 0x3C ),
+ BYTES_TO_T_UINT_8( 0x78, 0x4A, 0x3E, 0x40, 0x16, 0x93, 0x15, 0xCF ),
+ BYTES_TO_T_UINT_8( 0xFA, 0x24, 0xC1, 0x27, 0x27, 0xE5, 0x4B, 0xD8 ),
+ BYTES_TO_T_UINT_8( 0xD4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_29_Y[] = {
+ BYTES_TO_T_UINT_8( 0x1D, 0x50, 0xD8, 0xBC, 0xC1, 0x46, 0x22, 0xBB ),
+ BYTES_TO_T_UINT_8( 0xAD, 0x0E, 0x60, 0xA1, 0xB3, 0x50, 0xD4, 0x86 ),
+ BYTES_TO_T_UINT_8( 0x80, 0xB1, 0x26, 0xB6, 0x6D, 0x47, 0x5A, 0x6F ),
+ BYTES_TO_T_UINT_8( 0x45, 0xAC, 0x11, 0x35, 0x3E, 0xB9, 0xF4, 0x01 ),
+ BYTES_TO_T_UINT_8( 0x58, 0x97, 0xFA, 0xBB, 0x6B, 0x39, 0x13, 0xD8 ),
+ BYTES_TO_T_UINT_8( 0x15, 0x7B, 0x34, 0x12, 0x75, 0x8E, 0x9B, 0xC6 ),
+ BYTES_TO_T_UINT_8( 0x2C, 0x9E, 0xCD, 0x29, 0xB6, 0xEF, 0x8D, 0x10 ),
+ BYTES_TO_T_UINT_8( 0x47, 0xAC, 0xE9, 0x25, 0x27, 0xBB, 0x78, 0x47 ),
+ BYTES_TO_T_UINT_8( 0x2F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_30_X[] = {
+ BYTES_TO_T_UINT_8( 0x30, 0x7A, 0xA8, 0xD3, 0xE3, 0x66, 0xE5, 0x66 ),
+ BYTES_TO_T_UINT_8( 0x2F, 0x4C, 0xC4, 0x2C, 0x76, 0x81, 0x50, 0x32 ),
+ BYTES_TO_T_UINT_8( 0xEE, 0x71, 0x08, 0xB8, 0x52, 0x7C, 0xAF, 0xDC ),
+ BYTES_TO_T_UINT_8( 0x45, 0x59, 0x24, 0xDD, 0xFB, 0x2F, 0xD0, 0xDA ),
+ BYTES_TO_T_UINT_8( 0xB7, 0xCD, 0x56, 0xE9, 0xAC, 0x91, 0xE6, 0xB9 ),
+ BYTES_TO_T_UINT_8( 0xE5, 0x64, 0x20, 0xC6, 0x9F, 0xE4, 0xEF, 0xDF ),
+ BYTES_TO_T_UINT_8( 0x6D, 0x2C, 0x8F, 0x8C, 0x97, 0xF6, 0x22, 0xC3 ),
+ BYTES_TO_T_UINT_8( 0xAC, 0xF4, 0x88, 0xAA, 0xA8, 0xD7, 0xA5, 0x68 ),
+ BYTES_TO_T_UINT_8( 0xDE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_30_Y[] = {
+ BYTES_TO_T_UINT_8( 0x21, 0x6C, 0xAE, 0x83, 0xB1, 0x55, 0x55, 0xEE ),
+ BYTES_TO_T_UINT_8( 0xB0, 0x67, 0x84, 0x47, 0x7C, 0x83, 0x5C, 0x89 ),
+ BYTES_TO_T_UINT_8( 0x5B, 0x10, 0x4D, 0xDD, 0x30, 0x60, 0xB0, 0xE6 ),
+ BYTES_TO_T_UINT_8( 0x59, 0xA7, 0x36, 0x76, 0x24, 0x32, 0x9F, 0x9D ),
+ BYTES_TO_T_UINT_8( 0xDD, 0x42, 0x81, 0xFB, 0xA4, 0x2E, 0x13, 0x68 ),
+ BYTES_TO_T_UINT_8( 0x87, 0x94, 0x91, 0xFF, 0x99, 0xA0, 0x09, 0x61 ),
+ BYTES_TO_T_UINT_8( 0x5D, 0x83, 0xA1, 0x76, 0xAF, 0x37, 0x5C, 0x77 ),
+ BYTES_TO_T_UINT_8( 0x1E, 0xA8, 0x04, 0x86, 0xC4, 0xA9, 0x79, 0x42 ),
+ BYTES_TO_T_UINT_8( 0x93, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_31_X[] = {
+ BYTES_TO_T_UINT_8( 0xB6, 0x8C, 0xC2, 0x34, 0xFB, 0x83, 0x28, 0x27 ),
+ BYTES_TO_T_UINT_8( 0xA4, 0x03, 0x7D, 0x5E, 0x9E, 0x0E, 0xB0, 0x22 ),
+ BYTES_TO_T_UINT_8( 0xA2, 0x02, 0x46, 0x7F, 0xB9, 0xAC, 0xBB, 0x23 ),
+ BYTES_TO_T_UINT_8( 0x06, 0xED, 0x48, 0xC2, 0x96, 0x4D, 0x56, 0x27 ),
+ BYTES_TO_T_UINT_8( 0x44, 0xB5, 0xC5, 0xD1, 0xE6, 0x1C, 0x7E, 0x9B ),
+ BYTES_TO_T_UINT_8( 0x92, 0x2E, 0x18, 0x71, 0x2D, 0x7B, 0xD7, 0xB3 ),
+ BYTES_TO_T_UINT_8( 0xAB, 0x46, 0x9D, 0xDE, 0xAA, 0x78, 0x8E, 0xB1 ),
+ BYTES_TO_T_UINT_8( 0x4D, 0xD7, 0x69, 0x2E, 0xE1, 0xD9, 0x48, 0xDE ),
+ BYTES_TO_T_UINT_8( 0xFB, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp521r1_T_31_Y[] = {
+ BYTES_TO_T_UINT_8( 0xAF, 0xFF, 0x9E, 0x09, 0x22, 0x22, 0xE6, 0x8D ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x14, 0x28, 0x13, 0x1B, 0x62, 0x12, 0x22 ),
+ BYTES_TO_T_UINT_8( 0xCC, 0x7F, 0x67, 0x03, 0xB0, 0xC0, 0xF3, 0x05 ),
+ BYTES_TO_T_UINT_8( 0xC0, 0xC3, 0x0F, 0xFB, 0x25, 0x48, 0x3E, 0xF4 ),
+ BYTES_TO_T_UINT_8( 0x0B, 0x6E, 0x53, 0x98, 0x36, 0xB3, 0xD3, 0x94 ),
+ BYTES_TO_T_UINT_8( 0xEB, 0x81, 0x54, 0x22, 0xA4, 0xCC, 0xC1, 0x22 ),
+ BYTES_TO_T_UINT_8( 0xF5, 0xBA, 0xFC, 0xA9, 0xDF, 0x68, 0x86, 0x2B ),
+ BYTES_TO_T_UINT_8( 0x71, 0x92, 0x0E, 0xC3, 0xF2, 0x58, 0xE8, 0x51 ),
+ BYTES_TO_T_UINT_8( 0xE9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_ecp_point secp521r1_T[32] = {
+ ECP_POINT_INIT_XY_Z1(secp521r1_T_0_X, secp521r1_T_0_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_1_X, secp521r1_T_1_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_2_X, secp521r1_T_2_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_3_X, secp521r1_T_3_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_4_X, secp521r1_T_4_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_5_X, secp521r1_T_5_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_6_X, secp521r1_T_6_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_7_X, secp521r1_T_7_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_8_X, secp521r1_T_8_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_9_X, secp521r1_T_9_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_10_X, secp521r1_T_10_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_11_X, secp521r1_T_11_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_12_X, secp521r1_T_12_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_13_X, secp521r1_T_13_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_14_X, secp521r1_T_14_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_15_X, secp521r1_T_15_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_16_X, secp521r1_T_16_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_17_X, secp521r1_T_17_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_18_X, secp521r1_T_18_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_19_X, secp521r1_T_19_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_20_X, secp521r1_T_20_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_21_X, secp521r1_T_21_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_22_X, secp521r1_T_22_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_23_X, secp521r1_T_23_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_24_X, secp521r1_T_24_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_25_X, secp521r1_T_25_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_26_X, secp521r1_T_26_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_27_X, secp521r1_T_27_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_28_X, secp521r1_T_28_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_29_X, secp521r1_T_29_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_30_X, secp521r1_T_30_Y),
+ ECP_POINT_INIT_XY_Z0(secp521r1_T_31_X, secp521r1_T_31_Y),
+};
+#else
+#define secp521r1_T NULL
+#endif
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
@@ -323,6 +2254,190 @@
BYTES_TO_T_UINT_8( 0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
+
+#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
+static const mbedtls_mpi_uint secp192k1_T_0_X[] = {
+ BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ),
+ BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ),
+ BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ),
+};
+static const mbedtls_mpi_uint secp192k1_T_0_Y[] = {
+ BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ),
+ BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ),
+ BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ),
+};
+static const mbedtls_mpi_uint secp192k1_T_1_X[] = {
+ BYTES_TO_T_UINT_8( 0x6F, 0x77, 0x3D, 0x0D, 0x85, 0x48, 0xA8, 0xA9 ),
+ BYTES_TO_T_UINT_8( 0x62, 0x07, 0xDF, 0x1D, 0xB3, 0xB3, 0x01, 0x54 ),
+ BYTES_TO_T_UINT_8( 0x05, 0x86, 0xF6, 0xAF, 0x19, 0x2A, 0x88, 0x2E ),
+};
+static const mbedtls_mpi_uint secp192k1_T_1_Y[] = {
+ BYTES_TO_T_UINT_8( 0x33, 0x90, 0xB6, 0x2F, 0x48, 0x36, 0x4C, 0x5B ),
+ BYTES_TO_T_UINT_8( 0xDB, 0x11, 0x14, 0xA6, 0xCB, 0xBA, 0x15, 0xD9 ),
+ BYTES_TO_T_UINT_8( 0x7E, 0xB0, 0xF2, 0xD4, 0xC9, 0xDA, 0xBA, 0xD7 ),
+};
+static const mbedtls_mpi_uint secp192k1_T_2_X[] = {
+ BYTES_TO_T_UINT_8( 0xE4, 0xC1, 0x9C, 0xE6, 0xBB, 0xFB, 0xCF, 0x23 ),
+ BYTES_TO_T_UINT_8( 0x93, 0x19, 0xAC, 0x5A, 0xC9, 0x8A, 0x1C, 0x75 ),
+ BYTES_TO_T_UINT_8( 0xC1, 0xF6, 0x76, 0x86, 0x89, 0x27, 0x8D, 0x28 ),
+};
+static const mbedtls_mpi_uint secp192k1_T_2_Y[] = {
+ BYTES_TO_T_UINT_8( 0x4B, 0xE0, 0x6F, 0x34, 0xBA, 0x5E, 0xD3, 0x96 ),
+ BYTES_TO_T_UINT_8( 0x6A, 0xDC, 0xA6, 0x87, 0xC9, 0x9D, 0xC0, 0x82 ),
+ BYTES_TO_T_UINT_8( 0x09, 0x11, 0x7E, 0xD6, 0xF7, 0x33, 0xFC, 0xE4 ),
+};
+static const mbedtls_mpi_uint secp192k1_T_3_X[] = {
+ BYTES_TO_T_UINT_8( 0xC2, 0x37, 0x3E, 0xC0, 0x7F, 0x62, 0xE7, 0x54 ),
+ BYTES_TO_T_UINT_8( 0xA5, 0x3B, 0x69, 0x9D, 0x44, 0xBC, 0x82, 0x99 ),
+ BYTES_TO_T_UINT_8( 0xD4, 0x84, 0xB3, 0x5F, 0x2B, 0xA5, 0x9E, 0x2C ),
+};
+static const mbedtls_mpi_uint secp192k1_T_3_Y[] = {
+ BYTES_TO_T_UINT_8( 0x1D, 0x95, 0xEB, 0x4C, 0x04, 0xB4, 0xF4, 0x75 ),
+ BYTES_TO_T_UINT_8( 0x55, 0xAD, 0x4B, 0xD5, 0x9A, 0xEB, 0xC4, 0x4E ),
+ BYTES_TO_T_UINT_8( 0xC9, 0xB1, 0xC5, 0x59, 0xE3, 0xD5, 0x16, 0x2A ),
+};
+static const mbedtls_mpi_uint secp192k1_T_4_X[] = {
+ BYTES_TO_T_UINT_8( 0x48, 0x2A, 0xCC, 0xAC, 0xD0, 0xEE, 0x50, 0xEC ),
+ BYTES_TO_T_UINT_8( 0x99, 0x83, 0xE0, 0x5B, 0x14, 0x44, 0x52, 0x20 ),
+ BYTES_TO_T_UINT_8( 0xD6, 0x15, 0x2D, 0x78, 0xF6, 0x51, 0x32, 0xCF ),
+};
+static const mbedtls_mpi_uint secp192k1_T_4_Y[] = {
+ BYTES_TO_T_UINT_8( 0x86, 0x36, 0x9B, 0xDD, 0xF8, 0xDD, 0xEF, 0xB2 ),
+ BYTES_TO_T_UINT_8( 0x0B, 0xB1, 0x6A, 0x2B, 0xAF, 0xEB, 0x2B, 0xB1 ),
+ BYTES_TO_T_UINT_8( 0xC9, 0x87, 0x7A, 0x66, 0x5D, 0x5B, 0xDF, 0x8F ),
+};
+static const mbedtls_mpi_uint secp192k1_T_5_X[] = {
+ BYTES_TO_T_UINT_8( 0x62, 0x45, 0xE5, 0x81, 0x9B, 0xEB, 0x37, 0x23 ),
+ BYTES_TO_T_UINT_8( 0xB3, 0x29, 0xE2, 0x20, 0x64, 0x23, 0x6B, 0x6E ),
+ BYTES_TO_T_UINT_8( 0xFE, 0x1D, 0x41, 0xE1, 0x9B, 0x61, 0x7B, 0xD9 ),
+};
+static const mbedtls_mpi_uint secp192k1_T_5_Y[] = {
+ BYTES_TO_T_UINT_8( 0x75, 0x57, 0xA3, 0x0A, 0x13, 0xE4, 0x59, 0x15 ),
+ BYTES_TO_T_UINT_8( 0x79, 0x6E, 0x4A, 0x48, 0x84, 0x90, 0xAC, 0xC7 ),
+ BYTES_TO_T_UINT_8( 0x9C, 0xB8, 0xF5, 0xF3, 0xDE, 0xA0, 0xA1, 0x1D ),
+};
+static const mbedtls_mpi_uint secp192k1_T_6_X[] = {
+ BYTES_TO_T_UINT_8( 0xA3, 0x32, 0x81, 0xA9, 0x91, 0x5A, 0x4E, 0x33 ),
+ BYTES_TO_T_UINT_8( 0xCB, 0xA8, 0x90, 0xBE, 0x0F, 0xEC, 0xC0, 0x85 ),
+ BYTES_TO_T_UINT_8( 0x80, 0x30, 0xD7, 0x08, 0xAE, 0xC4, 0x3A, 0xA5 ),
+};
+static const mbedtls_mpi_uint secp192k1_T_6_Y[] = {
+ BYTES_TO_T_UINT_8( 0xBC, 0x55, 0xE3, 0x76, 0xB3, 0x64, 0x74, 0x9F ),
+ BYTES_TO_T_UINT_8( 0x3F, 0x75, 0xD4, 0xDB, 0x98, 0xD7, 0x39, 0xAE ),
+ BYTES_TO_T_UINT_8( 0xD4, 0xEB, 0x8A, 0xAB, 0x16, 0xD9, 0xD4, 0x0B ),
+};
+static const mbedtls_mpi_uint secp192k1_T_7_X[] = {
+ BYTES_TO_T_UINT_8( 0x41, 0xBE, 0xF9, 0xC7, 0xC7, 0xBA, 0xF3, 0xA1 ),
+ BYTES_TO_T_UINT_8( 0xC2, 0x85, 0x59, 0xF3, 0x60, 0x41, 0x02, 0xD2 ),
+ BYTES_TO_T_UINT_8( 0x46, 0x1C, 0x4A, 0xA4, 0xC7, 0xED, 0x66, 0xBC ),
+};
+static const mbedtls_mpi_uint secp192k1_T_7_Y[] = {
+ BYTES_TO_T_UINT_8( 0xC3, 0x9C, 0x2E, 0x46, 0x52, 0x18, 0x87, 0x14 ),
+ BYTES_TO_T_UINT_8( 0xFF, 0x35, 0x5A, 0x75, 0xAC, 0x4D, 0x75, 0x91 ),
+ BYTES_TO_T_UINT_8( 0xCE, 0x2F, 0xAC, 0xFC, 0xBC, 0xE6, 0x93, 0x5E ),
+};
+static const mbedtls_mpi_uint secp192k1_T_8_X[] = {
+ BYTES_TO_T_UINT_8( 0x87, 0x4D, 0xC9, 0x18, 0xE9, 0x00, 0xEB, 0x33 ),
+ BYTES_TO_T_UINT_8( 0x1A, 0x69, 0x72, 0x07, 0x5A, 0x59, 0xA8, 0x26 ),
+ BYTES_TO_T_UINT_8( 0xB6, 0x65, 0x83, 0x20, 0x10, 0xF9, 0x69, 0x82 ),
+};
+static const mbedtls_mpi_uint secp192k1_T_8_Y[] = {
+ BYTES_TO_T_UINT_8( 0x8B, 0x56, 0x7F, 0x9F, 0xBF, 0x46, 0x0C, 0x7E ),
+ BYTES_TO_T_UINT_8( 0xFC, 0xCF, 0xF0, 0xDC, 0xDF, 0x2D, 0xE6, 0xE5 ),
+ BYTES_TO_T_UINT_8( 0x09, 0xF0, 0x72, 0x3A, 0x7A, 0x03, 0xE5, 0x22 ),
+};
+static const mbedtls_mpi_uint secp192k1_T_9_X[] = {
+ BYTES_TO_T_UINT_8( 0x3E, 0xAA, 0x57, 0x13, 0x37, 0xA7, 0x2C, 0xD4 ),
+ BYTES_TO_T_UINT_8( 0xA3, 0xAC, 0xA2, 0x23, 0xF9, 0x84, 0x60, 0xD3 ),
+ BYTES_TO_T_UINT_8( 0x32, 0xEB, 0x51, 0x70, 0x64, 0x78, 0xCA, 0x05 ),
+};
+static const mbedtls_mpi_uint secp192k1_T_9_Y[] = {
+ BYTES_TO_T_UINT_8( 0x91, 0xCC, 0x30, 0x62, 0x93, 0x46, 0x13, 0xE9 ),
+ BYTES_TO_T_UINT_8( 0x21, 0x26, 0xCC, 0x6C, 0x3D, 0x5C, 0xDA, 0x2C ),
+ BYTES_TO_T_UINT_8( 0xD5, 0xAA, 0xB8, 0x03, 0xA4, 0x1A, 0x00, 0x96 ),
+};
+static const mbedtls_mpi_uint secp192k1_T_10_X[] = {
+ BYTES_TO_T_UINT_8( 0xF9, 0x9D, 0xE6, 0xCC, 0x4E, 0x2E, 0xC2, 0xD5 ),
+ BYTES_TO_T_UINT_8( 0xB4, 0xC3, 0x8A, 0xAE, 0x6F, 0x40, 0x05, 0xEB ),
+ BYTES_TO_T_UINT_8( 0x9D, 0x8F, 0x4A, 0x4D, 0x35, 0xD3, 0x50, 0x9D ),
+};
+static const mbedtls_mpi_uint secp192k1_T_10_Y[] = {
+ BYTES_TO_T_UINT_8( 0x1F, 0xFD, 0x98, 0xAB, 0xC7, 0x03, 0xB4, 0x55 ),
+ BYTES_TO_T_UINT_8( 0x40, 0x40, 0xD2, 0x9F, 0xCA, 0xD0, 0x53, 0x00 ),
+ BYTES_TO_T_UINT_8( 0x1A, 0x84, 0x00, 0x6F, 0xC8, 0xAD, 0xED, 0x8D ),
+};
+static const mbedtls_mpi_uint secp192k1_T_11_X[] = {
+ BYTES_TO_T_UINT_8( 0xCE, 0xD3, 0x57, 0xD7, 0xC3, 0x07, 0xBD, 0xD7 ),
+ BYTES_TO_T_UINT_8( 0x67, 0xBA, 0x47, 0x1D, 0x3D, 0xEF, 0x98, 0x6C ),
+ BYTES_TO_T_UINT_8( 0x6D, 0xC0, 0x6C, 0x7F, 0x12, 0xEE, 0x9F, 0x67 ),
+};
+static const mbedtls_mpi_uint secp192k1_T_11_Y[] = {
+ BYTES_TO_T_UINT_8( 0xCA, 0x02, 0xDA, 0x79, 0xAA, 0xC9, 0x27, 0xC4 ),
+ BYTES_TO_T_UINT_8( 0x21, 0x79, 0xC7, 0x71, 0x84, 0xCB, 0xE5, 0x5A ),
+ BYTES_TO_T_UINT_8( 0x15, 0x37, 0x06, 0xBA, 0xB5, 0xD5, 0x18, 0x4C ),
+};
+static const mbedtls_mpi_uint secp192k1_T_12_X[] = {
+ BYTES_TO_T_UINT_8( 0xA1, 0x65, 0x72, 0x6C, 0xF2, 0x63, 0x27, 0x6A ),
+ BYTES_TO_T_UINT_8( 0x69, 0xBC, 0x71, 0xDF, 0x75, 0xF8, 0x98, 0x4D ),
+ BYTES_TO_T_UINT_8( 0x70, 0x70, 0x9B, 0xDC, 0xE7, 0x18, 0x71, 0xFF ),
+};
+static const mbedtls_mpi_uint secp192k1_T_12_Y[] = {
+ BYTES_TO_T_UINT_8( 0x15, 0x5B, 0x9F, 0x00, 0x5A, 0xB6, 0x80, 0x7A ),
+ BYTES_TO_T_UINT_8( 0xB7, 0xE0, 0xBB, 0xFC, 0x5E, 0x78, 0x9C, 0x89 ),
+ BYTES_TO_T_UINT_8( 0x60, 0x03, 0x68, 0x83, 0x3D, 0x2E, 0x4C, 0xDD ),
+};
+static const mbedtls_mpi_uint secp192k1_T_13_X[] = {
+ BYTES_TO_T_UINT_8( 0x3B, 0x49, 0x23, 0xA8, 0xCB, 0x3B, 0x1A, 0xF6 ),
+ BYTES_TO_T_UINT_8( 0x8B, 0x3D, 0xA7, 0x46, 0xCF, 0x75, 0xB6, 0x2C ),
+ BYTES_TO_T_UINT_8( 0x92, 0xFD, 0x30, 0x01, 0xB6, 0xEF, 0xF9, 0xE8 ),
+};
+static const mbedtls_mpi_uint secp192k1_T_13_Y[] = {
+ BYTES_TO_T_UINT_8( 0xDC, 0xFA, 0xDA, 0xB8, 0x29, 0x42, 0xC9, 0xC7 ),
+ BYTES_TO_T_UINT_8( 0x06, 0xD7, 0xA0, 0xE6, 0x6B, 0x86, 0x61, 0x39 ),
+ BYTES_TO_T_UINT_8( 0xDB, 0xE9, 0xD3, 0x37, 0xD8, 0xE7, 0x35, 0xA9 ),
+};
+static const mbedtls_mpi_uint secp192k1_T_14_X[] = {
+ BYTES_TO_T_UINT_8( 0xFD, 0xC8, 0x8E, 0xB1, 0xCB, 0xB1, 0xB5, 0x4D ),
+ BYTES_TO_T_UINT_8( 0x16, 0xD7, 0x46, 0x7D, 0xAF, 0xE2, 0xDC, 0xBB ),
+ BYTES_TO_T_UINT_8( 0xD0, 0x46, 0xE7, 0xD8, 0x76, 0x31, 0x90, 0x76 ),
+};
+static const mbedtls_mpi_uint secp192k1_T_14_Y[] = {
+ BYTES_TO_T_UINT_8( 0xEB, 0xD3, 0xF4, 0x74, 0xE1, 0x67, 0xD8, 0x66 ),
+ BYTES_TO_T_UINT_8( 0xE7, 0x70, 0x3C, 0xC8, 0xAF, 0x5F, 0xF4, 0x58 ),
+ BYTES_TO_T_UINT_8( 0x24, 0x4E, 0xED, 0x5C, 0x43, 0xB3, 0x16, 0x35 ),
+};
+static const mbedtls_mpi_uint secp192k1_T_15_X[] = {
+ BYTES_TO_T_UINT_8( 0x57, 0xAE, 0xD1, 0xDD, 0x31, 0x14, 0xD3, 0xF0 ),
+ BYTES_TO_T_UINT_8( 0xE8, 0x14, 0x06, 0x13, 0x12, 0x1C, 0x81, 0xF5 ),
+ BYTES_TO_T_UINT_8( 0xA6, 0xF9, 0x0C, 0x91, 0xF7, 0x67, 0x59, 0x63 ),
+};
+static const mbedtls_mpi_uint secp192k1_T_15_Y[] = {
+ BYTES_TO_T_UINT_8( 0xAB, 0x91, 0xE2, 0xF4, 0x9D, 0xEB, 0x88, 0x87 ),
+ BYTES_TO_T_UINT_8( 0xDB, 0x82, 0x30, 0x9C, 0xAE, 0x18, 0x4D, 0xB7 ),
+ BYTES_TO_T_UINT_8( 0x3C, 0x79, 0xCF, 0x17, 0xA5, 0x1E, 0xE8, 0xC8 ),
+};
+static const mbedtls_ecp_point secp192k1_T[16] = {
+ ECP_POINT_INIT_XY_Z1(secp192k1_T_0_X, secp192k1_T_0_Y),
+ ECP_POINT_INIT_XY_Z0(secp192k1_T_1_X, secp192k1_T_1_Y),
+ ECP_POINT_INIT_XY_Z0(secp192k1_T_2_X, secp192k1_T_2_Y),
+ ECP_POINT_INIT_XY_Z0(secp192k1_T_3_X, secp192k1_T_3_Y),
+ ECP_POINT_INIT_XY_Z0(secp192k1_T_4_X, secp192k1_T_4_Y),
+ ECP_POINT_INIT_XY_Z0(secp192k1_T_5_X, secp192k1_T_5_Y),
+ ECP_POINT_INIT_XY_Z0(secp192k1_T_6_X, secp192k1_T_6_Y),
+ ECP_POINT_INIT_XY_Z0(secp192k1_T_7_X, secp192k1_T_7_Y),
+ ECP_POINT_INIT_XY_Z0(secp192k1_T_8_X, secp192k1_T_8_Y),
+ ECP_POINT_INIT_XY_Z0(secp192k1_T_9_X, secp192k1_T_9_Y),
+ ECP_POINT_INIT_XY_Z0(secp192k1_T_10_X, secp192k1_T_10_Y),
+ ECP_POINT_INIT_XY_Z0(secp192k1_T_11_X, secp192k1_T_11_Y),
+ ECP_POINT_INIT_XY_Z0(secp192k1_T_12_X, secp192k1_T_12_Y),
+ ECP_POINT_INIT_XY_Z0(secp192k1_T_13_X, secp192k1_T_13_Y),
+ ECP_POINT_INIT_XY_Z0(secp192k1_T_14_X, secp192k1_T_14_Y),
+ ECP_POINT_INIT_XY_Z0(secp192k1_T_15_X, secp192k1_T_15_Y),
+};
+#else
+#define secp192k1_T NULL
+#endif
+
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
@@ -356,6 +2471,221 @@
BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ),
};
+
+#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
+static const mbedtls_mpi_uint secp224k1_T_0_X[] = {
+ BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ),
+ BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ),
+ BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ),
+ BYTES_TO_T_UINT_8( 0x33, 0x5B, 0x45, 0xA1, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_0_Y[] = {
+ BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ),
+ BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ),
+ BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ),
+ BYTES_TO_T_UINT_8( 0xED, 0x9F, 0x08, 0x7E, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_1_X[] = {
+ BYTES_TO_T_UINT_8( 0x99, 0x6C, 0x22, 0x22, 0x40, 0x89, 0xAE, 0x7A ),
+ BYTES_TO_T_UINT_8( 0x2F, 0x92, 0xE1, 0x87, 0x56, 0x35, 0xAF, 0x9B ),
+ BYTES_TO_T_UINT_8( 0x88, 0xAF, 0x08, 0x35, 0x27, 0xEA, 0x04, 0xED ),
+ BYTES_TO_T_UINT_8( 0xF0, 0x53, 0xFD, 0xCF, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_1_Y[] = {
+ BYTES_TO_T_UINT_8( 0xC1, 0xD0, 0x9F, 0x8D, 0xF3, 0x63, 0x54, 0x30 ),
+ BYTES_TO_T_UINT_8( 0x39, 0xDB, 0x0F, 0x61, 0x54, 0x26, 0xD1, 0x98 ),
+ BYTES_TO_T_UINT_8( 0xF5, 0x21, 0xF7, 0x1B, 0xB5, 0x1D, 0xF6, 0x7E ),
+ BYTES_TO_T_UINT_8( 0xFF, 0x05, 0xDA, 0x8F, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_2_X[] = {
+ BYTES_TO_T_UINT_8( 0x10, 0x26, 0x73, 0xBC, 0xE4, 0x29, 0x62, 0x56 ),
+ BYTES_TO_T_UINT_8( 0x37, 0x95, 0x17, 0x8B, 0xC3, 0x9B, 0xAC, 0xCC ),
+ BYTES_TO_T_UINT_8( 0xB1, 0xDB, 0x77, 0xDF, 0xDD, 0x13, 0x04, 0x98 ),
+ BYTES_TO_T_UINT_8( 0x02, 0xFC, 0x22, 0x93, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_2_Y[] = {
+ BYTES_TO_T_UINT_8( 0xAC, 0x65, 0xF1, 0x5A, 0x37, 0xEF, 0x79, 0xAD ),
+ BYTES_TO_T_UINT_8( 0x99, 0x01, 0x37, 0xAC, 0x9A, 0x5B, 0x51, 0x65 ),
+ BYTES_TO_T_UINT_8( 0xFA, 0x75, 0x13, 0xA9, 0x4A, 0xAD, 0xFE, 0x9B ),
+ BYTES_TO_T_UINT_8( 0x32, 0x82, 0x6F, 0x66, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_3_X[] = {
+ BYTES_TO_T_UINT_8( 0x4D, 0x5E, 0xF0, 0x40, 0xC3, 0xA6, 0xE2, 0x1E ),
+ BYTES_TO_T_UINT_8( 0x34, 0x9A, 0x6F, 0xCF, 0x11, 0x26, 0x66, 0x85 ),
+ BYTES_TO_T_UINT_8( 0x79, 0x73, 0xA8, 0xCF, 0x2B, 0x12, 0x36, 0x37 ),
+ BYTES_TO_T_UINT_8( 0xB9, 0xB3, 0x0A, 0x58, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_3_Y[] = {
+ BYTES_TO_T_UINT_8( 0xD3, 0x79, 0x00, 0x55, 0x04, 0x34, 0x90, 0x1A ),
+ BYTES_TO_T_UINT_8( 0x0A, 0x54, 0x1C, 0xC2, 0x45, 0x0C, 0x1B, 0x23 ),
+ BYTES_TO_T_UINT_8( 0x86, 0x19, 0xAB, 0xA8, 0xFC, 0x73, 0xDC, 0xEE ),
+ BYTES_TO_T_UINT_8( 0x72, 0xFB, 0x93, 0xCE, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_4_X[] = {
+ BYTES_TO_T_UINT_8( 0xF8, 0x75, 0xD0, 0x66, 0x95, 0x86, 0xCA, 0x66 ),
+ BYTES_TO_T_UINT_8( 0x17, 0xEA, 0x29, 0x16, 0x6A, 0x38, 0xDF, 0x41 ),
+ BYTES_TO_T_UINT_8( 0xD8, 0xA2, 0x36, 0x2F, 0xDC, 0xBB, 0x5E, 0xF7 ),
+ BYTES_TO_T_UINT_8( 0xD4, 0x89, 0x59, 0x49, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_4_Y[] = {
+ BYTES_TO_T_UINT_8( 0xCA, 0xA3, 0x99, 0x9D, 0xB8, 0x77, 0x9D, 0x1D ),
+ BYTES_TO_T_UINT_8( 0x0A, 0x93, 0x43, 0x47, 0xC6, 0x5C, 0xF9, 0xFD ),
+ BYTES_TO_T_UINT_8( 0xAA, 0x00, 0x79, 0x42, 0x64, 0xB8, 0x25, 0x3E ),
+ BYTES_TO_T_UINT_8( 0x29, 0x54, 0xB4, 0x33, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_5_X[] = {
+ BYTES_TO_T_UINT_8( 0xD9, 0x0C, 0x42, 0x90, 0x83, 0x0B, 0x31, 0x5F ),
+ BYTES_TO_T_UINT_8( 0x54, 0x2E, 0xAE, 0xC8, 0xC7, 0x5F, 0xD2, 0x70 ),
+ BYTES_TO_T_UINT_8( 0xA9, 0xBC, 0xAD, 0x41, 0xE7, 0x32, 0x3A, 0x81 ),
+ BYTES_TO_T_UINT_8( 0x8A, 0x97, 0x52, 0x83, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_5_Y[] = {
+ BYTES_TO_T_UINT_8( 0x1A, 0x13, 0x7A, 0xBD, 0xAE, 0x94, 0x60, 0xFD ),
+ BYTES_TO_T_UINT_8( 0x92, 0x9B, 0x95, 0xB4, 0x6E, 0x68, 0xB2, 0x1F ),
+ BYTES_TO_T_UINT_8( 0x15, 0x49, 0xBE, 0x51, 0xFE, 0x66, 0x15, 0x74 ),
+ BYTES_TO_T_UINT_8( 0xE6, 0x37, 0xE4, 0xFE, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_6_X[] = {
+ BYTES_TO_T_UINT_8( 0xF6, 0x9B, 0xEE, 0x64, 0xC9, 0x1B, 0xBD, 0x77 ),
+ BYTES_TO_T_UINT_8( 0xDA, 0x5F, 0x34, 0xA9, 0x0B, 0xB7, 0x25, 0x52 ),
+ BYTES_TO_T_UINT_8( 0x90, 0x13, 0xB1, 0x38, 0xFB, 0x9D, 0x78, 0xED ),
+ BYTES_TO_T_UINT_8( 0x39, 0xE7, 0x1B, 0xFA, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_6_Y[] = {
+ BYTES_TO_T_UINT_8( 0xFB, 0xB3, 0xB7, 0x44, 0x92, 0x6B, 0x00, 0x82 ),
+ BYTES_TO_T_UINT_8( 0x97, 0x82, 0x44, 0x3E, 0x18, 0x1A, 0x58, 0x6A ),
+ BYTES_TO_T_UINT_8( 0x15, 0xF8, 0xC0, 0xE4, 0xEE, 0xC1, 0xBF, 0x44 ),
+ BYTES_TO_T_UINT_8( 0x7E, 0x32, 0x27, 0xB2, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_7_X[] = {
+ BYTES_TO_T_UINT_8( 0xF4, 0x9A, 0x42, 0x62, 0x8B, 0x26, 0x54, 0x21 ),
+ BYTES_TO_T_UINT_8( 0x24, 0x85, 0x74, 0xA0, 0x79, 0xA8, 0xEE, 0xBE ),
+ BYTES_TO_T_UINT_8( 0x80, 0x36, 0x60, 0xB3, 0x28, 0x4D, 0x55, 0xBE ),
+ BYTES_TO_T_UINT_8( 0x32, 0x27, 0x82, 0x29, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_7_Y[] = {
+ BYTES_TO_T_UINT_8( 0x0D, 0xFC, 0x73, 0x77, 0xAF, 0x5C, 0xAC, 0x78 ),
+ BYTES_TO_T_UINT_8( 0xCC, 0xED, 0xE5, 0xF6, 0x1D, 0xA8, 0x67, 0x43 ),
+ BYTES_TO_T_UINT_8( 0xF8, 0xDE, 0x33, 0x1C, 0xF1, 0x80, 0x73, 0xF8 ),
+ BYTES_TO_T_UINT_8( 0x2A, 0xE2, 0xDE, 0x3C, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_8_X[] = {
+ BYTES_TO_T_UINT_8( 0x57, 0x3E, 0x6B, 0xFE, 0xF0, 0x04, 0x28, 0x01 ),
+ BYTES_TO_T_UINT_8( 0xBB, 0xB2, 0x14, 0x9D, 0x18, 0x11, 0x7D, 0x9D ),
+ BYTES_TO_T_UINT_8( 0x96, 0xC4, 0xD6, 0x2E, 0x6E, 0x57, 0x4D, 0xE1 ),
+ BYTES_TO_T_UINT_8( 0xEA, 0x55, 0x1B, 0xDE, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_8_Y[] = {
+ BYTES_TO_T_UINT_8( 0x07, 0xF7, 0x17, 0xBC, 0x45, 0xAB, 0x16, 0xAB ),
+ BYTES_TO_T_UINT_8( 0xCD, 0xB0, 0xEF, 0x61, 0xE3, 0x20, 0x7C, 0xF8 ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x85, 0x41, 0x4D, 0xF1, 0x7E, 0x4D, 0x41 ),
+ BYTES_TO_T_UINT_8( 0x99, 0xC2, 0x9B, 0x5E, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_9_X[] = {
+ BYTES_TO_T_UINT_8( 0x70, 0x2E, 0x49, 0x3D, 0x3E, 0x4B, 0xD3, 0x32 ),
+ BYTES_TO_T_UINT_8( 0xC8, 0x2B, 0x9D, 0xD5, 0x27, 0xFA, 0xCA, 0xE0 ),
+ BYTES_TO_T_UINT_8( 0xB3, 0xB3, 0x6A, 0xE0, 0x79, 0x14, 0x28, 0x0F ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x1E, 0xDC, 0xF5, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_9_Y[] = {
+ BYTES_TO_T_UINT_8( 0xCA, 0x44, 0x56, 0xCD, 0xFC, 0x9F, 0x09, 0xFF ),
+ BYTES_TO_T_UINT_8( 0x5C, 0x8C, 0x59, 0xA4, 0x64, 0x2A, 0x3A, 0xED ),
+ BYTES_TO_T_UINT_8( 0x40, 0xA0, 0xB5, 0x86, 0x4E, 0x69, 0xDA, 0x06 ),
+ BYTES_TO_T_UINT_8( 0x08, 0x8B, 0x11, 0x38, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_10_X[] = {
+ BYTES_TO_T_UINT_8( 0xA0, 0x17, 0x16, 0x12, 0x17, 0xDC, 0x00, 0x7E ),
+ BYTES_TO_T_UINT_8( 0xE7, 0x76, 0x24, 0x6C, 0x97, 0x2C, 0xB5, 0xF9 ),
+ BYTES_TO_T_UINT_8( 0x82, 0x71, 0xE3, 0xB0, 0xBB, 0x4E, 0x50, 0x52 ),
+ BYTES_TO_T_UINT_8( 0x6E, 0x48, 0x26, 0xD5, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_10_Y[] = {
+ BYTES_TO_T_UINT_8( 0x06, 0x5F, 0x28, 0xF6, 0x01, 0x5A, 0x60, 0x41 ),
+ BYTES_TO_T_UINT_8( 0xAE, 0x95, 0xFE, 0xD0, 0xAD, 0x15, 0xD4, 0xD9 ),
+ BYTES_TO_T_UINT_8( 0xAD, 0x5B, 0x7A, 0xFD, 0x80, 0xF7, 0x9F, 0x64 ),
+ BYTES_TO_T_UINT_8( 0x32, 0xBC, 0x1B, 0xDF, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_11_X[] = {
+ BYTES_TO_T_UINT_8( 0xBB, 0xE6, 0xDF, 0x14, 0x29, 0xF4, 0xD4, 0x14 ),
+ BYTES_TO_T_UINT_8( 0xE5, 0x12, 0xDD, 0xEC, 0x5B, 0x8A, 0x59, 0xE5 ),
+ BYTES_TO_T_UINT_8( 0x26, 0x92, 0x3E, 0x35, 0x08, 0xE9, 0xCF, 0x0E ),
+ BYTES_TO_T_UINT_8( 0xE0, 0x35, 0x29, 0x97, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_11_Y[] = {
+ BYTES_TO_T_UINT_8( 0x11, 0xDB, 0xD6, 0x6A, 0xC5, 0x43, 0xA4, 0xA1 ),
+ BYTES_TO_T_UINT_8( 0x61, 0x33, 0x50, 0x61, 0x70, 0xA1, 0xE9, 0xCE ),
+ BYTES_TO_T_UINT_8( 0x15, 0x15, 0x6E, 0x5F, 0x01, 0x0C, 0x8C, 0xFA ),
+ BYTES_TO_T_UINT_8( 0x85, 0xA1, 0x9A, 0x9D, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_12_X[] = {
+ BYTES_TO_T_UINT_8( 0x6E, 0xC6, 0xF7, 0xE2, 0x4A, 0xCD, 0x9B, 0x61 ),
+ BYTES_TO_T_UINT_8( 0x34, 0x4D, 0x5A, 0xB8, 0xE2, 0x6D, 0xA6, 0x50 ),
+ BYTES_TO_T_UINT_8( 0x32, 0x3F, 0xB6, 0x17, 0xE3, 0x2C, 0x6F, 0x65 ),
+ BYTES_TO_T_UINT_8( 0x1E, 0xA4, 0x59, 0x51, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_12_Y[] = {
+ BYTES_TO_T_UINT_8( 0x77, 0x4F, 0x7C, 0x49, 0xCD, 0x6E, 0xEB, 0x3C ),
+ BYTES_TO_T_UINT_8( 0x05, 0xC9, 0x1F, 0xB7, 0x4D, 0x98, 0xC7, 0x67 ),
+ BYTES_TO_T_UINT_8( 0x4C, 0xFD, 0x98, 0x20, 0x95, 0xBB, 0x20, 0x3A ),
+ BYTES_TO_T_UINT_8( 0xE0, 0xF2, 0x73, 0x92, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_13_X[] = {
+ BYTES_TO_T_UINT_8( 0xE2, 0xEF, 0xFB, 0x30, 0xFA, 0x12, 0x1A, 0xB0 ),
+ BYTES_TO_T_UINT_8( 0x7A, 0x4C, 0x24, 0xB4, 0x5B, 0xC9, 0x4C, 0x0F ),
+ BYTES_TO_T_UINT_8( 0x7A, 0xDD, 0x5E, 0x84, 0x95, 0x4D, 0x26, 0xED ),
+ BYTES_TO_T_UINT_8( 0xE3, 0xFA, 0xF9, 0x3A, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_13_Y[] = {
+ BYTES_TO_T_UINT_8( 0x6A, 0xA3, 0x2E, 0x7A, 0xDC, 0xA7, 0x53, 0xA9 ),
+ BYTES_TO_T_UINT_8( 0x7C, 0x9F, 0x81, 0x84, 0xB2, 0x0D, 0xFE, 0x31 ),
+ BYTES_TO_T_UINT_8( 0x61, 0x89, 0x1B, 0x77, 0x0C, 0x89, 0x71, 0xEC ),
+ BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0x7F, 0xB2, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_14_X[] = {
+ BYTES_TO_T_UINT_8( 0x28, 0xE9, 0x2C, 0x79, 0xA6, 0x3C, 0xAD, 0x93 ),
+ BYTES_TO_T_UINT_8( 0xD6, 0xE0, 0x23, 0x02, 0x86, 0x0F, 0x77, 0x2A ),
+ BYTES_TO_T_UINT_8( 0x13, 0x93, 0x6D, 0xE9, 0xF9, 0x3C, 0xBE, 0xB9 ),
+ BYTES_TO_T_UINT_8( 0x04, 0xE7, 0x24, 0x92, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_14_Y[] = {
+ BYTES_TO_T_UINT_8( 0xBB, 0x3C, 0x5B, 0x4B, 0x1B, 0x25, 0x37, 0xD6 ),
+ BYTES_TO_T_UINT_8( 0xC9, 0xE8, 0x38, 0x1B, 0xA1, 0x5A, 0x2E, 0x68 ),
+ BYTES_TO_T_UINT_8( 0x03, 0x19, 0xFD, 0xF4, 0x78, 0x01, 0x6B, 0x44 ),
+ BYTES_TO_T_UINT_8( 0x0F, 0x69, 0x37, 0x4F, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_15_X[] = {
+ BYTES_TO_T_UINT_8( 0x1A, 0xE2, 0xBF, 0xD3, 0xEC, 0x95, 0x9C, 0x03 ),
+ BYTES_TO_T_UINT_8( 0xC2, 0x7B, 0xFC, 0xD5, 0xD3, 0x25, 0x5E, 0x0F ),
+ BYTES_TO_T_UINT_8( 0x39, 0x55, 0x09, 0xA2, 0x58, 0x6A, 0xC9, 0xFF ),
+ BYTES_TO_T_UINT_8( 0x80, 0xCC, 0x3B, 0xD9, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_mpi_uint secp224k1_T_15_Y[] = {
+ BYTES_TO_T_UINT_8( 0x8F, 0x08, 0x65, 0x5E, 0xCB, 0xAB, 0x48, 0xC8 ),
+ BYTES_TO_T_UINT_8( 0xEE, 0x79, 0x8B, 0xC0, 0x11, 0xC0, 0x69, 0x38 ),
+ BYTES_TO_T_UINT_8( 0xE6, 0xE8, 0x8C, 0x4C, 0xC5, 0x28, 0xE4, 0xAE ),
+ BYTES_TO_T_UINT_8( 0xA5, 0x1F, 0x34, 0x5C, 0x00, 0x00, 0x00, 0x00 ),
+};
+static const mbedtls_ecp_point secp224k1_T[16] = {
+ ECP_POINT_INIT_XY_Z1(secp224k1_T_0_X, secp224k1_T_0_Y),
+ ECP_POINT_INIT_XY_Z0(secp224k1_T_1_X, secp224k1_T_1_Y),
+ ECP_POINT_INIT_XY_Z0(secp224k1_T_2_X, secp224k1_T_2_Y),
+ ECP_POINT_INIT_XY_Z0(secp224k1_T_3_X, secp224k1_T_3_Y),
+ ECP_POINT_INIT_XY_Z0(secp224k1_T_4_X, secp224k1_T_4_Y),
+ ECP_POINT_INIT_XY_Z0(secp224k1_T_5_X, secp224k1_T_5_Y),
+ ECP_POINT_INIT_XY_Z0(secp224k1_T_6_X, secp224k1_T_6_Y),
+ ECP_POINT_INIT_XY_Z0(secp224k1_T_7_X, secp224k1_T_7_Y),
+ ECP_POINT_INIT_XY_Z0(secp224k1_T_8_X, secp224k1_T_8_Y),
+ ECP_POINT_INIT_XY_Z0(secp224k1_T_9_X, secp224k1_T_9_Y),
+ ECP_POINT_INIT_XY_Z0(secp224k1_T_10_X, secp224k1_T_10_Y),
+ ECP_POINT_INIT_XY_Z0(secp224k1_T_11_X, secp224k1_T_11_Y),
+ ECP_POINT_INIT_XY_Z0(secp224k1_T_12_X, secp224k1_T_12_Y),
+ ECP_POINT_INIT_XY_Z0(secp224k1_T_13_X, secp224k1_T_13_Y),
+ ECP_POINT_INIT_XY_Z0(secp224k1_T_14_X, secp224k1_T_14_Y),
+ ECP_POINT_INIT_XY_Z0(secp224k1_T_15_X, secp224k1_T_15_Y),
+};
+#else
+#define secp224k1_T NULL
+#endif
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
@@ -389,6 +2719,221 @@
BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
+
+#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
+static const mbedtls_mpi_uint secp256k1_T_0_X[] = {
+ BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ),
+ BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ),
+ BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ),
+ BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_0_Y[] = {
+ BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ),
+ BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ),
+ BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ),
+ BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_1_X[] = {
+ BYTES_TO_T_UINT_8( 0xE7, 0xEE, 0xD7, 0x1E, 0x67, 0x86, 0x32, 0x74 ),
+ BYTES_TO_T_UINT_8( 0x23, 0x73, 0xB1, 0xA9, 0xD5, 0xCC, 0x27, 0x78 ),
+ BYTES_TO_T_UINT_8( 0x1F, 0x0E, 0x11, 0x01, 0x71, 0xFE, 0x92, 0x73 ),
+ BYTES_TO_T_UINT_8( 0xC6, 0x28, 0x63, 0x6D, 0x72, 0x09, 0xA6, 0xC0 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_1_Y[] = {
+ BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0x69, 0xDC, 0x3E, 0x2C, 0x75, 0xC3 ),
+ BYTES_TO_T_UINT_8( 0xE5, 0xB7, 0x3F, 0x30, 0x26, 0x3C, 0xDF, 0x8E ),
+ BYTES_TO_T_UINT_8( 0x3D, 0xBE, 0xB9, 0x5D, 0x0E, 0xE8, 0x5E, 0x14 ),
+ BYTES_TO_T_UINT_8( 0x01, 0xC3, 0x05, 0xD6, 0xB7, 0xD5, 0x24, 0xFC ),
+};
+static const mbedtls_mpi_uint secp256k1_T_2_X[] = {
+ BYTES_TO_T_UINT_8( 0x13, 0xCF, 0x7B, 0xDC, 0xCD, 0xC3, 0x39, 0x9D ),
+ BYTES_TO_T_UINT_8( 0x42, 0xDA, 0xB9, 0xE5, 0x64, 0xA7, 0x47, 0x91 ),
+ BYTES_TO_T_UINT_8( 0x76, 0x46, 0xA8, 0x61, 0xF6, 0x23, 0xEB, 0x58 ),
+ BYTES_TO_T_UINT_8( 0x5C, 0xC1, 0xFF, 0xE4, 0x55, 0xD5, 0xC2, 0xBF ),
+};
+static const mbedtls_mpi_uint secp256k1_T_2_Y[] = {
+ BYTES_TO_T_UINT_8( 0xC9, 0xBE, 0xB9, 0x59, 0x24, 0x13, 0x4A, 0x2A ),
+ BYTES_TO_T_UINT_8( 0x64, 0x45, 0x12, 0xDE, 0xBA, 0x4F, 0xEF, 0x56 ),
+ BYTES_TO_T_UINT_8( 0xBE, 0x08, 0xBF, 0xC1, 0x66, 0xAA, 0x0A, 0xBC ),
+ BYTES_TO_T_UINT_8( 0x36, 0xFE, 0x30, 0x55, 0x31, 0x86, 0xA7, 0xB4 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_3_X[] = {
+ BYTES_TO_T_UINT_8( 0x1D, 0xBF, 0x18, 0x81, 0x67, 0x27, 0x42, 0xBD ),
+ BYTES_TO_T_UINT_8( 0x08, 0x05, 0x83, 0xA4, 0xDD, 0x57, 0xD3, 0x50 ),
+ BYTES_TO_T_UINT_8( 0x20, 0x63, 0xAB, 0xE4, 0x90, 0x70, 0xD0, 0x7C ),
+ BYTES_TO_T_UINT_8( 0x71, 0x5D, 0xFD, 0xA0, 0xEF, 0xCF, 0x1C, 0x54 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_3_Y[] = {
+ BYTES_TO_T_UINT_8( 0x13, 0x80, 0xE4, 0xF6, 0x09, 0xBC, 0x57, 0x90 ),
+ BYTES_TO_T_UINT_8( 0x21, 0x9F, 0x6E, 0x88, 0x54, 0x6E, 0x51, 0xF2 ),
+ BYTES_TO_T_UINT_8( 0xF5, 0x5F, 0x85, 0xFB, 0x84, 0x3E, 0x4A, 0xAA ),
+ BYTES_TO_T_UINT_8( 0xA8, 0x19, 0xF5, 0x55, 0xC9, 0x07, 0xD8, 0xCE ),
+};
+static const mbedtls_mpi_uint secp256k1_T_4_X[] = {
+ BYTES_TO_T_UINT_8( 0x1A, 0xB4, 0xC3, 0xD9, 0x5C, 0xA0, 0xD4, 0x90 ),
+ BYTES_TO_T_UINT_8( 0x0D, 0x30, 0xAF, 0x59, 0x9B, 0xF8, 0x04, 0x85 ),
+ BYTES_TO_T_UINT_8( 0x4D, 0xA6, 0xFD, 0x66, 0x7B, 0xC3, 0x39, 0x85 ),
+ BYTES_TO_T_UINT_8( 0xE0, 0xBF, 0xF0, 0xC2, 0xE9, 0x71, 0xA4, 0x9E ),
+};
+static const mbedtls_mpi_uint secp256k1_T_4_Y[] = {
+ BYTES_TO_T_UINT_8( 0x14, 0x2D, 0xB9, 0x88, 0x28, 0xF1, 0xBE, 0x78 ),
+ BYTES_TO_T_UINT_8( 0x14, 0xF3, 0x1A, 0x0E, 0xB9, 0x01, 0x66, 0x34 ),
+ BYTES_TO_T_UINT_8( 0x77, 0xA7, 0xA4, 0xF4, 0x05, 0xD0, 0xAA, 0x53 ),
+ BYTES_TO_T_UINT_8( 0x00, 0x39, 0x1E, 0x47, 0xE5, 0x68, 0xC8, 0xC0 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_5_X[] = {
+ BYTES_TO_T_UINT_8( 0xDD, 0xB9, 0xFC, 0xE0, 0x33, 0x8A, 0x7D, 0x96 ),
+ BYTES_TO_T_UINT_8( 0x4F, 0x93, 0xA5, 0x53, 0x55, 0x16, 0xB4, 0x6E ),
+ BYTES_TO_T_UINT_8( 0xE9, 0x5F, 0xEA, 0x9B, 0x29, 0x52, 0x71, 0xDA ),
+ BYTES_TO_T_UINT_8( 0xB2, 0xF0, 0x24, 0xB8, 0x7D, 0xB7, 0xA0, 0x9B ),
+};
+static const mbedtls_mpi_uint secp256k1_T_5_Y[] = {
+ BYTES_TO_T_UINT_8( 0xC2, 0x00, 0x27, 0xB2, 0xDF, 0x73, 0xA2, 0xE0 ),
+ BYTES_TO_T_UINT_8( 0x1D, 0x2E, 0x4D, 0x7C, 0xDE, 0x7A, 0x23, 0x32 ),
+ BYTES_TO_T_UINT_8( 0xAC, 0x65, 0x60, 0xC7, 0x97, 0x1E, 0xA4, 0x22 ),
+ BYTES_TO_T_UINT_8( 0xCD, 0x13, 0x5B, 0x77, 0x59, 0xCB, 0x36, 0xE1 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_6_X[] = {
+ BYTES_TO_T_UINT_8( 0x99, 0xBC, 0x9F, 0x9E, 0x2D, 0x53, 0x2A, 0xA8 ),
+ BYTES_TO_T_UINT_8( 0x87, 0x5F, 0x64, 0x9F, 0x1A, 0x19, 0xE6, 0x77 ),
+ BYTES_TO_T_UINT_8( 0x9E, 0x7B, 0x39, 0xD2, 0xDB, 0x85, 0x84, 0xD5 ),
+ BYTES_TO_T_UINT_8( 0x83, 0xC7, 0x0D, 0x58, 0x6E, 0x3F, 0x52, 0x15 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_6_Y[] = {
+ BYTES_TO_T_UINT_8( 0x21, 0x68, 0x19, 0x0B, 0x68, 0xC9, 0x1E, 0xFB ),
+ BYTES_TO_T_UINT_8( 0xD2, 0x4E, 0x21, 0x49, 0x3D, 0x55, 0xCC, 0x25 ),
+ BYTES_TO_T_UINT_8( 0xF5, 0xF9, 0x25, 0x45, 0x54, 0x45, 0xB1, 0x0F ),
+ BYTES_TO_T_UINT_8( 0xA9, 0xB3, 0xF7, 0xCD, 0x80, 0xA4, 0x04, 0x05 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_7_X[] = {
+ BYTES_TO_T_UINT_8( 0xD4, 0x1E, 0x88, 0xC4, 0xAA, 0x18, 0x7E, 0x45 ),
+ BYTES_TO_T_UINT_8( 0x4B, 0xAC, 0xD9, 0xB2, 0xA1, 0xC0, 0x71, 0x5D ),
+ BYTES_TO_T_UINT_8( 0xA9, 0xA2, 0xF1, 0x15, 0xA6, 0x5F, 0x6C, 0x86 ),
+ BYTES_TO_T_UINT_8( 0x4F, 0x5B, 0x05, 0xBC, 0xB7, 0xC6, 0x4E, 0x72 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_7_Y[] = {
+ BYTES_TO_T_UINT_8( 0x1D, 0x80, 0xF8, 0x5C, 0x20, 0x2A, 0xE1, 0xE2 ),
+ BYTES_TO_T_UINT_8( 0x7C, 0x48, 0x2E, 0x68, 0x82, 0x7F, 0xEB, 0x5F ),
+ BYTES_TO_T_UINT_8( 0xA2, 0x3B, 0x25, 0xDB, 0x32, 0x4D, 0x88, 0x42 ),
+ BYTES_TO_T_UINT_8( 0xEE, 0x6E, 0xA6, 0xB6, 0x6D, 0x62, 0x78, 0x22 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_8_X[] = {
+ BYTES_TO_T_UINT_8( 0x1F, 0x4D, 0x3E, 0x86, 0x58, 0xC3, 0xEB, 0xBA ),
+ BYTES_TO_T_UINT_8( 0x1A, 0x89, 0x33, 0x18, 0x21, 0x1D, 0x9B, 0xE7 ),
+ BYTES_TO_T_UINT_8( 0x0B, 0x9D, 0xFF, 0xC3, 0x79, 0xC1, 0x88, 0xF8 ),
+ BYTES_TO_T_UINT_8( 0x28, 0xD4, 0x48, 0x53, 0xE8, 0xAD, 0x21, 0x16 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_8_Y[] = {
+ BYTES_TO_T_UINT_8( 0xF5, 0x7B, 0xDE, 0xCB, 0xD8, 0x39, 0x17, 0x7C ),
+ BYTES_TO_T_UINT_8( 0xD3, 0xF3, 0x03, 0xF2, 0x5C, 0xBC, 0xC8, 0x8A ),
+ BYTES_TO_T_UINT_8( 0x27, 0xAE, 0x4C, 0xB0, 0x16, 0xA4, 0x93, 0x86 ),
+ BYTES_TO_T_UINT_8( 0x71, 0x8B, 0x6B, 0xDC, 0xD7, 0x9A, 0x3E, 0x7E ),
+};
+static const mbedtls_mpi_uint secp256k1_T_9_X[] = {
+ BYTES_TO_T_UINT_8( 0xD6, 0x2D, 0x7A, 0xD2, 0x59, 0x05, 0xA2, 0x82 ),
+ BYTES_TO_T_UINT_8( 0x57, 0x56, 0x09, 0x32, 0xF1, 0xE8, 0xE3, 0x72 ),
+ BYTES_TO_T_UINT_8( 0x03, 0xCA, 0xE5, 0x2E, 0xF0, 0xFB, 0x18, 0x19 ),
+ BYTES_TO_T_UINT_8( 0xBA, 0x85, 0xA9, 0x23, 0x15, 0x31, 0x1F, 0x0E ),
+};
+static const mbedtls_mpi_uint secp256k1_T_9_Y[] = {
+ BYTES_TO_T_UINT_8( 0x76, 0xE5, 0xB1, 0x86, 0xB9, 0x6E, 0x8D, 0xD3 ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x77, 0xFC, 0xC9, 0xA3, 0x3F, 0x89, 0xD2 ),
+ BYTES_TO_T_UINT_8( 0xDB, 0x6A, 0xDC, 0x25, 0xB0, 0xC7, 0x41, 0x54 ),
+ BYTES_TO_T_UINT_8( 0x02, 0x11, 0x6B, 0xA6, 0x11, 0x62, 0xD4, 0x2D ),
+};
+static const mbedtls_mpi_uint secp256k1_T_10_X[] = {
+ BYTES_TO_T_UINT_8( 0x19, 0x7D, 0x34, 0xB3, 0x20, 0x7F, 0x37, 0xAA ),
+ BYTES_TO_T_UINT_8( 0xBD, 0xD4, 0x45, 0xE8, 0xC2, 0xE9, 0xC5, 0xEA ),
+ BYTES_TO_T_UINT_8( 0x5A, 0x32, 0x3B, 0x25, 0x7E, 0x79, 0xAF, 0xE7 ),
+ BYTES_TO_T_UINT_8( 0x3F, 0xE4, 0x54, 0x71, 0xBE, 0x35, 0x4E, 0xD0 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_10_Y[] = {
+ BYTES_TO_T_UINT_8( 0xB0, 0x94, 0xDD, 0x8F, 0xB5, 0xC2, 0xDD, 0x75 ),
+ BYTES_TO_T_UINT_8( 0x07, 0x49, 0xE9, 0x1C, 0x2F, 0x08, 0x49, 0xC6 ),
+ BYTES_TO_T_UINT_8( 0x77, 0xB6, 0x03, 0x88, 0x6F, 0xB8, 0x15, 0x67 ),
+ BYTES_TO_T_UINT_8( 0xA4, 0xD3, 0x1C, 0xF3, 0xA5, 0xEB, 0x79, 0x01 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_11_X[] = {
+ BYTES_TO_T_UINT_8( 0x25, 0xF9, 0x43, 0x88, 0x89, 0x0D, 0x06, 0xEA ),
+ BYTES_TO_T_UINT_8( 0x02, 0x2D, 0xF5, 0x98, 0x32, 0xF6, 0xB1, 0x05 ),
+ BYTES_TO_T_UINT_8( 0x23, 0x73, 0x8F, 0x2B, 0x50, 0x27, 0x0A, 0xE7 ),
+ BYTES_TO_T_UINT_8( 0xA7, 0xE3, 0xBD, 0x16, 0x05, 0xC8, 0x93, 0x12 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_11_Y[] = {
+ BYTES_TO_T_UINT_8( 0x0A, 0x6A, 0xF7, 0xE3, 0x3D, 0xDE, 0x5F, 0x2F ),
+ BYTES_TO_T_UINT_8( 0x47, 0xA3, 0x9C, 0x22, 0x3C, 0x33, 0x36, 0x5D ),
+ BYTES_TO_T_UINT_8( 0x20, 0x24, 0x4C, 0x69, 0x45, 0x78, 0x14, 0xAE ),
+ BYTES_TO_T_UINT_8( 0x59, 0xF8, 0xD4, 0xBF, 0xB8, 0xC0, 0xA1, 0x25 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_12_X[] = {
+ BYTES_TO_T_UINT_8( 0x7E, 0x88, 0xE1, 0x91, 0x03, 0xEB, 0xB3, 0x2B ),
+ BYTES_TO_T_UINT_8( 0x5C, 0x11, 0xA1, 0xEF, 0x14, 0x0D, 0xC4, 0x7D ),
+ BYTES_TO_T_UINT_8( 0xFE, 0xD4, 0x0D, 0x1D, 0x96, 0x33, 0x5C, 0x19 ),
+ BYTES_TO_T_UINT_8( 0x70, 0x45, 0x2A, 0x1A, 0xE6, 0x57, 0x04, 0x9B ),
+};
+static const mbedtls_mpi_uint secp256k1_T_12_Y[] = {
+ BYTES_TO_T_UINT_8( 0x70, 0xB5, 0xA7, 0x80, 0xE9, 0x93, 0x97, 0x8D ),
+ BYTES_TO_T_UINT_8( 0x5D, 0xB9, 0x7C, 0xA0, 0xC9, 0x57, 0x26, 0x43 ),
+ BYTES_TO_T_UINT_8( 0x9E, 0xEF, 0x56, 0xDA, 0x66, 0xF6, 0x1B, 0x9A ),
+ BYTES_TO_T_UINT_8( 0x1F, 0x89, 0x6B, 0x91, 0xE0, 0xA9, 0x65, 0x2B ),
+};
+static const mbedtls_mpi_uint secp256k1_T_13_X[] = {
+ BYTES_TO_T_UINT_8( 0x91, 0x98, 0x96, 0x9B, 0x06, 0x7D, 0x5E, 0x5A ),
+ BYTES_TO_T_UINT_8( 0x0A, 0xFA, 0xC1, 0x5F, 0x19, 0x37, 0x94, 0x9D ),
+ BYTES_TO_T_UINT_8( 0xCF, 0xBE, 0x6B, 0x1A, 0x05, 0xE4, 0xBF, 0x9F ),
+ BYTES_TO_T_UINT_8( 0x84, 0xCD, 0x5D, 0x35, 0xB4, 0x51, 0xF7, 0x64 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_13_Y[] = {
+ BYTES_TO_T_UINT_8( 0x6C, 0xEF, 0x96, 0xDB, 0xF2, 0x61, 0x63, 0x59 ),
+ BYTES_TO_T_UINT_8( 0xCB, 0x04, 0x88, 0xC9, 0x9F, 0x1B, 0x94, 0xB9 ),
+ BYTES_TO_T_UINT_8( 0xDB, 0x30, 0x79, 0x7E, 0x24, 0xE7, 0x5F, 0xB8 ),
+ BYTES_TO_T_UINT_8( 0x3F, 0xB8, 0x90, 0xB7, 0x94, 0x25, 0xBB, 0x0F ),
+};
+static const mbedtls_mpi_uint secp256k1_T_14_X[] = {
+ BYTES_TO_T_UINT_8( 0x62, 0x79, 0xEA, 0xAD, 0xC0, 0x6D, 0x18, 0x57 ),
+ BYTES_TO_T_UINT_8( 0xE9, 0xA4, 0x58, 0x2A, 0x8D, 0x95, 0xB3, 0xE6 ),
+ BYTES_TO_T_UINT_8( 0xC8, 0xC4, 0xC2, 0x12, 0x0D, 0x79, 0xE2, 0x2B ),
+ BYTES_TO_T_UINT_8( 0x02, 0x6F, 0xBE, 0x97, 0x4D, 0xA4, 0x20, 0x07 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_14_Y[] = {
+ BYTES_TO_T_UINT_8( 0xCA, 0x31, 0x71, 0xC6, 0xA6, 0x91, 0xEB, 0x1F ),
+ BYTES_TO_T_UINT_8( 0xB4, 0x9B, 0xA8, 0x4A, 0xE7, 0x77, 0xE1, 0xAA ),
+ BYTES_TO_T_UINT_8( 0xA9, 0x06, 0xD3, 0x3D, 0x94, 0x30, 0xEF, 0x8C ),
+ BYTES_TO_T_UINT_8( 0xE7, 0xDF, 0xCA, 0xFA, 0xF5, 0x28, 0xF8, 0xC9 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_15_X[] = {
+ BYTES_TO_T_UINT_8( 0xCC, 0xE1, 0x32, 0xFD, 0x3E, 0x81, 0xF8, 0x11 ),
+ BYTES_TO_T_UINT_8( 0xCD, 0xF2, 0x4B, 0x1D, 0x19, 0xC9, 0x0F, 0xCC ),
+ BYTES_TO_T_UINT_8( 0x59, 0xB1, 0x8A, 0x22, 0x8B, 0x05, 0x6B, 0x56 ),
+ BYTES_TO_T_UINT_8( 0x35, 0x21, 0xEF, 0x30, 0xEC, 0x09, 0x2A, 0x89 ),
+};
+static const mbedtls_mpi_uint secp256k1_T_15_Y[] = {
+ BYTES_TO_T_UINT_8( 0x15, 0x84, 0x4A, 0x46, 0x07, 0x6C, 0x3C, 0x4C ),
+ BYTES_TO_T_UINT_8( 0xDD, 0x18, 0x3A, 0xF4, 0xCC, 0xF5, 0xB2, 0xF2 ),
+ BYTES_TO_T_UINT_8( 0x4F, 0x8F, 0xCD, 0x0A, 0x9C, 0xF4, 0xBD, 0x95 ),
+ BYTES_TO_T_UINT_8( 0x37, 0x89, 0x7F, 0x8A, 0xB1, 0x52, 0x3A, 0xAB ),
+};
+static const mbedtls_ecp_point secp256k1_T[16] = {
+ ECP_POINT_INIT_XY_Z1(secp256k1_T_0_X, secp256k1_T_0_Y),
+ ECP_POINT_INIT_XY_Z0(secp256k1_T_1_X, secp256k1_T_1_Y),
+ ECP_POINT_INIT_XY_Z0(secp256k1_T_2_X, secp256k1_T_2_Y),
+ ECP_POINT_INIT_XY_Z0(secp256k1_T_3_X, secp256k1_T_3_Y),
+ ECP_POINT_INIT_XY_Z0(secp256k1_T_4_X, secp256k1_T_4_Y),
+ ECP_POINT_INIT_XY_Z0(secp256k1_T_5_X, secp256k1_T_5_Y),
+ ECP_POINT_INIT_XY_Z0(secp256k1_T_6_X, secp256k1_T_6_Y),
+ ECP_POINT_INIT_XY_Z0(secp256k1_T_7_X, secp256k1_T_7_Y),
+ ECP_POINT_INIT_XY_Z0(secp256k1_T_8_X, secp256k1_T_8_Y),
+ ECP_POINT_INIT_XY_Z0(secp256k1_T_9_X, secp256k1_T_9_Y),
+ ECP_POINT_INIT_XY_Z0(secp256k1_T_10_X, secp256k1_T_10_Y),
+ ECP_POINT_INIT_XY_Z0(secp256k1_T_11_X, secp256k1_T_11_Y),
+ ECP_POINT_INIT_XY_Z0(secp256k1_T_12_X, secp256k1_T_12_Y),
+ ECP_POINT_INIT_XY_Z0(secp256k1_T_13_X, secp256k1_T_13_Y),
+ ECP_POINT_INIT_XY_Z0(secp256k1_T_14_X, secp256k1_T_14_Y),
+ ECP_POINT_INIT_XY_Z0(secp256k1_T_15_X, secp256k1_T_15_Y),
+};
+#else
+#define secp256k1_T NULL
+#endif
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
/*
@@ -431,6 +2976,222 @@
BYTES_TO_T_UINT_8( 0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
};
+
+#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
+static const mbedtls_mpi_uint brainpoolP256r1_T_0_X[] = {
+ BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ),
+ BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ),
+ BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ),
+ BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_0_Y[] = {
+ BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ),
+ BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ),
+ BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ),
+ BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_1_X[] = {
+ BYTES_TO_T_UINT_8( 0x3C, 0xA2, 0xED, 0x52, 0xC9, 0x8C, 0xE3, 0xA5 ),
+ BYTES_TO_T_UINT_8( 0x72, 0xC9, 0xC4, 0x87, 0x3F, 0x93, 0x7A, 0xD1 ),
+ BYTES_TO_T_UINT_8( 0x96, 0x12, 0x53, 0x61, 0x3E, 0x76, 0x08, 0xCB ),
+ BYTES_TO_T_UINT_8( 0x09, 0x8C, 0x74, 0xF4, 0x08, 0xC3, 0x76, 0x80 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_1_Y[] = {
+ BYTES_TO_T_UINT_8( 0x05, 0xDD, 0x09, 0xA6, 0xED, 0xEE, 0xC4, 0x38 ),
+ BYTES_TO_T_UINT_8( 0x74, 0xD9, 0xBE, 0x4B, 0xA5, 0xB7, 0x2B, 0x6E ),
+ BYTES_TO_T_UINT_8( 0x42, 0x20, 0x12, 0xCA, 0x0A, 0x38, 0x24, 0xAB ),
+ BYTES_TO_T_UINT_8( 0x00, 0x72, 0x71, 0x90, 0x7A, 0x2E, 0xB7, 0x23 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_2_X[] = {
+ BYTES_TO_T_UINT_8( 0x2C, 0x66, 0xA1, 0x93, 0x10, 0x2A, 0x51, 0x17 ),
+ BYTES_TO_T_UINT_8( 0x88, 0x10, 0x11, 0x12, 0xBC, 0xB0, 0xB6, 0x93 ),
+ BYTES_TO_T_UINT_8( 0x3C, 0x58, 0xD7, 0x0A, 0x84, 0x05, 0xA3, 0x9C ),
+ BYTES_TO_T_UINT_8( 0xF7, 0x8E, 0x95, 0x61, 0xD3, 0x0B, 0xDF, 0x36 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_2_Y[] = {
+ BYTES_TO_T_UINT_8( 0xF9, 0x92, 0x12, 0x0F, 0x5E, 0x87, 0x70, 0x1B ),
+ BYTES_TO_T_UINT_8( 0x38, 0xE9, 0x9B, 0xEB, 0x3A, 0xFB, 0xCF, 0xC4 ),
+ BYTES_TO_T_UINT_8( 0xDC, 0x92, 0xB9, 0xF7, 0x45, 0xD3, 0x06, 0xB6 ),
+ BYTES_TO_T_UINT_8( 0x82, 0x28, 0x65, 0xE1, 0xC5, 0x6C, 0x57, 0x18 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_3_X[] = {
+ BYTES_TO_T_UINT_8( 0x28, 0x0E, 0x77, 0x01, 0x81, 0x9E, 0x38, 0x5C ),
+ BYTES_TO_T_UINT_8( 0x71, 0xF0, 0xD5, 0xA5, 0x91, 0x2B, 0xDF, 0xC0 ),
+ BYTES_TO_T_UINT_8( 0xD8, 0xEE, 0xB6, 0x25, 0xD6, 0x98, 0xDE, 0x2D ),
+ BYTES_TO_T_UINT_8( 0x7B, 0xA1, 0x55, 0x63, 0x39, 0xEB, 0xB5, 0x47 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_3_Y[] = {
+ BYTES_TO_T_UINT_8( 0xB6, 0xD6, 0xB8, 0xE3, 0x13, 0xED, 0x7F, 0xA3 ),
+ BYTES_TO_T_UINT_8( 0x6C, 0xE8, 0xAE, 0x36, 0xB8, 0xCD, 0x19, 0x02 ),
+ BYTES_TO_T_UINT_8( 0xF9, 0x82, 0x83, 0x7A, 0x7B, 0x46, 0x56, 0xE8 ),
+ BYTES_TO_T_UINT_8( 0x4E, 0x60, 0x46, 0x15, 0x5A, 0xAC, 0x99, 0x30 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_4_X[] = {
+ BYTES_TO_T_UINT_8( 0xBF, 0x61, 0x50, 0xC6, 0xFF, 0x10, 0x7D, 0x04 ),
+ BYTES_TO_T_UINT_8( 0x92, 0x51, 0xDF, 0xA9, 0x7D, 0x78, 0x26, 0x74 ),
+ BYTES_TO_T_UINT_8( 0x56, 0x15, 0x9A, 0xF7, 0x01, 0xC1, 0xBB, 0x40 ),
+ BYTES_TO_T_UINT_8( 0x26, 0x0F, 0xE6, 0x2A, 0xBD, 0x4A, 0x9E, 0x87 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_4_Y[] = {
+ BYTES_TO_T_UINT_8( 0x57, 0xF8, 0xD1, 0x77, 0xD2, 0x49, 0xB3, 0xDD ),
+ BYTES_TO_T_UINT_8( 0x36, 0x86, 0xFB, 0x9E, 0x1F, 0x5A, 0x60, 0x47 ),
+ BYTES_TO_T_UINT_8( 0x98, 0xC4, 0x8D, 0xCD, 0x86, 0x61, 0x2F, 0xF9 ),
+ BYTES_TO_T_UINT_8( 0x41, 0xF6, 0xB9, 0xAC, 0x37, 0x9D, 0xE9, 0x28 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_5_X[] = {
+ BYTES_TO_T_UINT_8( 0xFA, 0x77, 0xAA, 0x97, 0x9C, 0x0B, 0x04, 0x20 ),
+ BYTES_TO_T_UINT_8( 0x80, 0xA6, 0x60, 0x81, 0xCE, 0x25, 0x13, 0x3E ),
+ BYTES_TO_T_UINT_8( 0x24, 0x00, 0xF3, 0xBB, 0x82, 0x99, 0x95, 0xB7 ),
+ BYTES_TO_T_UINT_8( 0x47, 0x5A, 0xCE, 0x90, 0x71, 0x38, 0x2F, 0x10 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_5_Y[] = {
+ BYTES_TO_T_UINT_8( 0xA7, 0x1A, 0xC0, 0x84, 0x27, 0xD6, 0x9D, 0xB7 ),
+ BYTES_TO_T_UINT_8( 0x34, 0x37, 0x52, 0x16, 0x13, 0x0E, 0xCE, 0x92 ),
+ BYTES_TO_T_UINT_8( 0x1E, 0xBF, 0x5A, 0xDB, 0xDB, 0x6E, 0x1E, 0x69 ),
+ BYTES_TO_T_UINT_8( 0x3E, 0xB7, 0x5E, 0xF9, 0x86, 0xDD, 0x8A, 0x5C ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_6_X[] = {
+ BYTES_TO_T_UINT_8( 0x3D, 0xAB, 0x5C, 0x8D, 0x1D, 0xF2, 0x2D, 0x1E ),
+ BYTES_TO_T_UINT_8( 0x65, 0xC5, 0xF8, 0xF7, 0x1D, 0x96, 0x0B, 0x4D ),
+ BYTES_TO_T_UINT_8( 0xAC, 0x4C, 0xA7, 0x45, 0x20, 0x6A, 0x1E, 0x5B ),
+ BYTES_TO_T_UINT_8( 0x21, 0x5D, 0xEF, 0xDE, 0xEE, 0x39, 0x44, 0x19 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_6_Y[] = {
+ BYTES_TO_T_UINT_8( 0x4B, 0x2F, 0x6D, 0x52, 0xC9, 0x58, 0x60, 0xE8 ),
+ BYTES_TO_T_UINT_8( 0xC3, 0xC9, 0x62, 0xCB, 0x38, 0x3C, 0x55, 0xCA ),
+ BYTES_TO_T_UINT_8( 0xFF, 0xA5, 0x09, 0x10, 0x88, 0xDB, 0xE3, 0xBD ),
+ BYTES_TO_T_UINT_8( 0x52, 0xE0, 0x3C, 0xCE, 0x06, 0x0B, 0x4B, 0x5D ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_7_X[] = {
+ BYTES_TO_T_UINT_8( 0xB1, 0x1D, 0xB4, 0x10, 0x76, 0x8F, 0xBA, 0x09 ),
+ BYTES_TO_T_UINT_8( 0x57, 0x70, 0x5A, 0x07, 0xF5, 0x1A, 0x74, 0xC7 ),
+ BYTES_TO_T_UINT_8( 0x0B, 0xE9, 0x94, 0xA8, 0xC0, 0xD5, 0x4A, 0x4A ),
+ BYTES_TO_T_UINT_8( 0x3E, 0x6D, 0xD4, 0xE8, 0x9B, 0xE9, 0x6D, 0x0E ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_7_Y[] = {
+ BYTES_TO_T_UINT_8( 0x65, 0x00, 0x32, 0x41, 0x57, 0x84, 0x89, 0x52 ),
+ BYTES_TO_T_UINT_8( 0xEE, 0xC7, 0x14, 0xEC, 0xE9, 0x27, 0xFF, 0xF3 ),
+ BYTES_TO_T_UINT_8( 0x9A, 0x67, 0x9E, 0xFB, 0xB6, 0xB8, 0x96, 0xF3 ),
+ BYTES_TO_T_UINT_8( 0xE5, 0x4A, 0xE3, 0x97, 0x4B, 0x58, 0xDE, 0x30 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_8_X[] = {
+ BYTES_TO_T_UINT_8( 0xA6, 0x1E, 0x5C, 0xF5, 0x7F, 0xD5, 0xD4, 0xAA ),
+ BYTES_TO_T_UINT_8( 0x5D, 0x08, 0x7A, 0xF1, 0xBD, 0x89, 0xC7, 0x1E ),
+ BYTES_TO_T_UINT_8( 0x3A, 0xF9, 0x11, 0x1B, 0xF5, 0x3C, 0x6D, 0x8C ),
+ BYTES_TO_T_UINT_8( 0x19, 0x50, 0xE5, 0x69, 0x1D, 0x59, 0xFC, 0x0C ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_8_Y[] = {
+ BYTES_TO_T_UINT_8( 0xF1, 0x2F, 0xF8, 0x3F, 0xEC, 0x55, 0x99, 0x57 ),
+ BYTES_TO_T_UINT_8( 0x41, 0xA7, 0x29, 0x90, 0x43, 0x81, 0x31, 0x4C ),
+ BYTES_TO_T_UINT_8( 0xC3, 0x18, 0x44, 0x50, 0x5D, 0x76, 0xCB, 0xDD ),
+ BYTES_TO_T_UINT_8( 0xF0, 0xC5, 0x5B, 0x9A, 0x03, 0xE6, 0x17, 0x39 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_9_X[] = {
+ BYTES_TO_T_UINT_8( 0x21, 0x89, 0xFC, 0x55, 0x94, 0x91, 0x6A, 0xA2 ),
+ BYTES_TO_T_UINT_8( 0x74, 0x46, 0x35, 0xF2, 0x3A, 0x42, 0x08, 0x2F ),
+ BYTES_TO_T_UINT_8( 0xD3, 0xD2, 0x76, 0x49, 0x42, 0x87, 0xD3, 0x7F ),
+ BYTES_TO_T_UINT_8( 0x90, 0xEA, 0xA0, 0x52, 0xF1, 0x6A, 0x30, 0x57 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_9_Y[] = {
+ BYTES_TO_T_UINT_8( 0x00, 0xB2, 0x57, 0xA3, 0x8A, 0x4D, 0x1B, 0x3C ),
+ BYTES_TO_T_UINT_8( 0xFC, 0xA3, 0x99, 0x94, 0xB5, 0x3D, 0x64, 0x09 ),
+ BYTES_TO_T_UINT_8( 0x35, 0xC3, 0xD7, 0x53, 0xF6, 0x49, 0x1C, 0x60 ),
+ BYTES_TO_T_UINT_8( 0x27, 0x23, 0x41, 0x4D, 0xFB, 0x7A, 0x5C, 0x53 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_10_X[] = {
+ BYTES_TO_T_UINT_8( 0xCA, 0xB8, 0x15, 0x65, 0x5C, 0x85, 0x94, 0xD7 ),
+ BYTES_TO_T_UINT_8( 0xAC, 0x37, 0xC7, 0xF8, 0x7E, 0xAE, 0x6C, 0x10 ),
+ BYTES_TO_T_UINT_8( 0x53, 0xD8, 0x11, 0x54, 0x98, 0x44, 0xE3, 0xF1 ),
+ BYTES_TO_T_UINT_8( 0xE4, 0x4D, 0xA6, 0x4B, 0x28, 0xF2, 0x57, 0x9E ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_10_Y[] = {
+ BYTES_TO_T_UINT_8( 0xF6, 0xD0, 0xEB, 0x1E, 0xAA, 0x30, 0xD3, 0x6A ),
+ BYTES_TO_T_UINT_8( 0x58, 0x9B, 0x4D, 0xA7, 0x73, 0x6E, 0xB6, 0x45 ),
+ BYTES_TO_T_UINT_8( 0x5D, 0x47, 0xF6, 0xED, 0x37, 0xEF, 0x71, 0x4D ),
+ BYTES_TO_T_UINT_8( 0xA8, 0xB5, 0x49, 0x61, 0x5E, 0x45, 0xF6, 0x4A ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_11_X[] = {
+ BYTES_TO_T_UINT_8( 0xEF, 0x0E, 0xB3, 0x84, 0x3A, 0x63, 0x72, 0x84 ),
+ BYTES_TO_T_UINT_8( 0x6D, 0x53, 0x5C, 0xA7, 0xC6, 0x2E, 0xAB, 0x9E ),
+ BYTES_TO_T_UINT_8( 0xEB, 0x0F, 0x8F, 0x87, 0x50, 0x28, 0xB4, 0xAE ),
+ BYTES_TO_T_UINT_8( 0x5C, 0x98, 0x4A, 0x98, 0x31, 0x86, 0xCA, 0x51 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_11_Y[] = {
+ BYTES_TO_T_UINT_8( 0xBE, 0xC9, 0xE2, 0xFD, 0x5D, 0x1F, 0xE8, 0xC2 ),
+ BYTES_TO_T_UINT_8( 0xD5, 0x90, 0x91, 0xC4, 0x84, 0xF0, 0xBA, 0xC5 ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x5A, 0xB3, 0x4E, 0xFB, 0xE0, 0x57, 0xE8 ),
+ BYTES_TO_T_UINT_8( 0x6B, 0x0B, 0x90, 0xA6, 0xFD, 0x9D, 0x8E, 0x02 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_12_X[] = {
+ BYTES_TO_T_UINT_8( 0xF8, 0x41, 0x8F, 0x31, 0xFA, 0x5A, 0xF6, 0x33 ),
+ BYTES_TO_T_UINT_8( 0xAC, 0xE9, 0xE3, 0xF6, 0xE0, 0x4A, 0xE7, 0xD2 ),
+ BYTES_TO_T_UINT_8( 0x84, 0x4E, 0xCD, 0xA2, 0x22, 0x14, 0xD4, 0x12 ),
+ BYTES_TO_T_UINT_8( 0x7C, 0xED, 0x21, 0xB7, 0x0F, 0x53, 0x10, 0x17 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_12_Y[] = {
+ BYTES_TO_T_UINT_8( 0x05, 0x06, 0x24, 0x2C, 0x4E, 0xD1, 0x1E, 0x9F ),
+ BYTES_TO_T_UINT_8( 0xD7, 0x3F, 0xC1, 0x9F, 0xAB, 0xF0, 0x37, 0x95 ),
+ BYTES_TO_T_UINT_8( 0x03, 0x5E, 0x12, 0xCE, 0x83, 0x1B, 0x2A, 0x18 ),
+ BYTES_TO_T_UINT_8( 0x61, 0x65, 0xCF, 0xE8, 0x5C, 0xA5, 0xA2, 0x70 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_13_X[] = {
+ BYTES_TO_T_UINT_8( 0xB8, 0x86, 0x76, 0x3A, 0x94, 0xF6, 0x1D, 0xC1 ),
+ BYTES_TO_T_UINT_8( 0x1D, 0xDA, 0xC9, 0xA6, 0x29, 0x93, 0x15, 0x10 ),
+ BYTES_TO_T_UINT_8( 0x6D, 0x61, 0x6A, 0x7D, 0xC7, 0xA9, 0xF3, 0x76 ),
+ BYTES_TO_T_UINT_8( 0x4A, 0x03, 0x71, 0xA2, 0x15, 0xCE, 0x50, 0x72 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_13_Y[] = {
+ BYTES_TO_T_UINT_8( 0xB6, 0xD0, 0xA8, 0x1E, 0x91, 0xC4, 0x4F, 0x24 ),
+ BYTES_TO_T_UINT_8( 0x2D, 0x4B, 0x7E, 0xD7, 0x71, 0x58, 0x7E, 0x1E ),
+ BYTES_TO_T_UINT_8( 0x93, 0x45, 0xAF, 0x2A, 0x18, 0x93, 0x95, 0x3B ),
+ BYTES_TO_T_UINT_8( 0x1B, 0x8F, 0xC7, 0xFA, 0x4C, 0x7A, 0x86, 0x54 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_14_X[] = {
+ BYTES_TO_T_UINT_8( 0x97, 0xAF, 0x68, 0x3A, 0x23, 0xC1, 0x2E, 0xBF ),
+ BYTES_TO_T_UINT_8( 0x89, 0x50, 0x11, 0x67, 0x39, 0xB9, 0xAF, 0x48 ),
+ BYTES_TO_T_UINT_8( 0x19, 0x86, 0xAA, 0x1E, 0x88, 0x21, 0x29, 0x8B ),
+ BYTES_TO_T_UINT_8( 0xCD, 0x28, 0xA4, 0x9D, 0x89, 0xA9, 0x9A, 0x10 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_14_Y[] = {
+ BYTES_TO_T_UINT_8( 0x91, 0xBA, 0x04, 0x67, 0xB7, 0x01, 0x40, 0x38 ),
+ BYTES_TO_T_UINT_8( 0x08, 0xE9, 0x09, 0xA3, 0xCA, 0xA6, 0x37, 0xF6 ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x97, 0xA8, 0xB6, 0x3C, 0xEE, 0x90, 0x3D ),
+ BYTES_TO_T_UINT_8( 0xDC, 0xED, 0xC4, 0xF7, 0xC3, 0x95, 0xEC, 0x85 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_15_X[] = {
+ BYTES_TO_T_UINT_8( 0xF5, 0x84, 0xBD, 0xEB, 0xD5, 0x64, 0xBB, 0x9D ),
+ BYTES_TO_T_UINT_8( 0xDB, 0x9B, 0xE2, 0x28, 0x50, 0xC2, 0x72, 0x40 ),
+ BYTES_TO_T_UINT_8( 0x39, 0xF2, 0x74, 0xD1, 0x26, 0xBF, 0x32, 0x68 ),
+ BYTES_TO_T_UINT_8( 0x36, 0xCB, 0xAF, 0x72, 0xDB, 0x6D, 0x30, 0x98 ),
+};
+static const mbedtls_mpi_uint brainpoolP256r1_T_15_Y[] = {
+ BYTES_TO_T_UINT_8( 0xB3, 0x50, 0x85, 0xF4, 0x2B, 0x48, 0xC1, 0xAD ),
+ BYTES_TO_T_UINT_8( 0xC0, 0x28, 0xBB, 0x11, 0xBA, 0x5B, 0x22, 0x6C ),
+ BYTES_TO_T_UINT_8( 0xAD, 0xA1, 0xE5, 0x5C, 0xC9, 0x1D, 0x44, 0x45 ),
+ BYTES_TO_T_UINT_8( 0xD4, 0xE8, 0xE6, 0x6F, 0xBB, 0xC1, 0x81, 0x7F ),
+};
+static const mbedtls_ecp_point brainpoolP256r1_T[16] = {
+ ECP_POINT_INIT_XY_Z1(brainpoolP256r1_T_0_X, brainpoolP256r1_T_0_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_1_X, brainpoolP256r1_T_1_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_2_X, brainpoolP256r1_T_2_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_3_X, brainpoolP256r1_T_3_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_4_X, brainpoolP256r1_T_4_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_5_X, brainpoolP256r1_T_5_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_6_X, brainpoolP256r1_T_6_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_7_X, brainpoolP256r1_T_7_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_8_X, brainpoolP256r1_T_8_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_9_X, brainpoolP256r1_T_9_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_10_X, brainpoolP256r1_T_10_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_11_X, brainpoolP256r1_T_11_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_12_X, brainpoolP256r1_T_12_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_13_X, brainpoolP256r1_T_13_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_14_X, brainpoolP256r1_T_14_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP256r1_T_15_X, brainpoolP256r1_T_15_Y),
+};
+#else
+#define brainpoolP256r1_T NULL
+#endif
+
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
/*
@@ -485,6 +3246,558 @@
BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
};
+
+#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
+static const mbedtls_mpi_uint brainpoolP384r1_T_0_X[] = {
+ BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ),
+ BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ),
+ BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ),
+ BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ),
+ BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ),
+ BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_0_Y[] = {
+ BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ),
+ BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ),
+ BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ),
+ BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ),
+ BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ),
+ BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_1_X[] = {
+ BYTES_TO_T_UINT_8( 0x93, 0xD8, 0x8A, 0x54, 0x41, 0xD6, 0x6B, 0x1D ),
+ BYTES_TO_T_UINT_8( 0xE2, 0x3B, 0xF1, 0x22, 0xFD, 0x2D, 0x4B, 0x03 ),
+ BYTES_TO_T_UINT_8( 0x01, 0x55, 0xE3, 0x33, 0xF0, 0x73, 0x52, 0x5A ),
+ BYTES_TO_T_UINT_8( 0xC1, 0x3F, 0x30, 0x26, 0xCA, 0x7F, 0x52, 0xA3 ),
+ BYTES_TO_T_UINT_8( 0xD3, 0x6E, 0x17, 0x9B, 0xD5, 0x2A, 0x4A, 0x31 ),
+ BYTES_TO_T_UINT_8( 0x86, 0xDA, 0x6B, 0xE5, 0x03, 0x07, 0x1D, 0x2E ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_1_Y[] = {
+ BYTES_TO_T_UINT_8( 0x51, 0x7A, 0xAF, 0x98, 0xE3, 0xA4, 0xF6, 0x19 ),
+ BYTES_TO_T_UINT_8( 0xEC, 0x7D, 0xFE, 0x51, 0x40, 0x3B, 0x47, 0xD2 ),
+ BYTES_TO_T_UINT_8( 0xFC, 0x88, 0xEC, 0xC4, 0xE2, 0x8F, 0xCB, 0xA4 ),
+ BYTES_TO_T_UINT_8( 0x30, 0xE2, 0x88, 0x2D, 0x4E, 0x50, 0xEB, 0x9A ),
+ BYTES_TO_T_UINT_8( 0x13, 0x54, 0x94, 0x5E, 0xF4, 0x7F, 0x3A, 0x04 ),
+ BYTES_TO_T_UINT_8( 0xCD, 0x07, 0x1C, 0xE1, 0xBD, 0x0F, 0xF8, 0x63 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_2_X[] = {
+ BYTES_TO_T_UINT_8( 0x94, 0x92, 0x28, 0x2E, 0x32, 0x04, 0xB1, 0x4D ),
+ BYTES_TO_T_UINT_8( 0x25, 0x82, 0x44, 0x43, 0x76, 0x0D, 0x55, 0xBF ),
+ BYTES_TO_T_UINT_8( 0x5B, 0xE3, 0xFF, 0x89, 0x46, 0xDE, 0x4E, 0xFE ),
+ BYTES_TO_T_UINT_8( 0x5B, 0x22, 0xBB, 0x67, 0x1A, 0x81, 0xEE, 0x27 ),
+ BYTES_TO_T_UINT_8( 0xC8, 0x54, 0xE2, 0x7A, 0xAE, 0xDA, 0x2C, 0xD0 ),
+ BYTES_TO_T_UINT_8( 0x74, 0x9A, 0x90, 0xAA, 0x6E, 0x8B, 0xCC, 0x5F ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_2_Y[] = {
+ BYTES_TO_T_UINT_8( 0x16, 0x40, 0xAC, 0xED, 0x7D, 0x37, 0x87, 0xAC ),
+ BYTES_TO_T_UINT_8( 0x98, 0xF8, 0xB1, 0x80, 0x4C, 0x8C, 0x04, 0x42 ),
+ BYTES_TO_T_UINT_8( 0xC2, 0x98, 0x2C, 0xAD, 0x30, 0x69, 0x35, 0xC0 ),
+ BYTES_TO_T_UINT_8( 0x32, 0x2E, 0x00, 0x2F, 0x44, 0x8C, 0xF0, 0xC0 ),
+ BYTES_TO_T_UINT_8( 0x16, 0x58, 0x07, 0xD7, 0xCD, 0x60, 0xA1, 0x5B ),
+ BYTES_TO_T_UINT_8( 0xAF, 0xFB, 0x7B, 0x03, 0x05, 0x5E, 0x79, 0x73 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_3_X[] = {
+ BYTES_TO_T_UINT_8( 0xC8, 0x17, 0xCE, 0x38, 0x4B, 0x5E, 0x5B, 0xC8 ),
+ BYTES_TO_T_UINT_8( 0x60, 0x0E, 0x0A, 0x61, 0x9D, 0x7C, 0x62, 0x08 ),
+ BYTES_TO_T_UINT_8( 0x25, 0xF0, 0x98, 0x71, 0x7F, 0x17, 0x26, 0xD7 ),
+ BYTES_TO_T_UINT_8( 0x83, 0xD3, 0xFA, 0x3C, 0xF0, 0x70, 0x07, 0x82 ),
+ BYTES_TO_T_UINT_8( 0x29, 0x47, 0x5C, 0x09, 0x43, 0xB7, 0x65, 0x15 ),
+ BYTES_TO_T_UINT_8( 0x0E, 0xA9, 0xA7, 0x3E, 0xFA, 0xF3, 0xEC, 0x22 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_3_Y[] = {
+ BYTES_TO_T_UINT_8( 0xDA, 0x78, 0x22, 0x2B, 0x58, 0x71, 0xFA, 0xAA ),
+ BYTES_TO_T_UINT_8( 0x00, 0x30, 0xCE, 0x6A, 0xB3, 0xB0, 0x4F, 0x83 ),
+ BYTES_TO_T_UINT_8( 0xCF, 0x95, 0x20, 0xA9, 0x23, 0xC2, 0x65, 0xE7 ),
+ BYTES_TO_T_UINT_8( 0x55, 0xCF, 0x03, 0x5B, 0x8A, 0x80, 0x44, 0xBB ),
+ BYTES_TO_T_UINT_8( 0x5C, 0xF8, 0x91, 0xF7, 0xD5, 0xED, 0xEA, 0x81 ),
+ BYTES_TO_T_UINT_8( 0x40, 0x5B, 0x16, 0x10, 0x25, 0xAC, 0x2A, 0x17 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_4_X[] = {
+ BYTES_TO_T_UINT_8( 0xF2, 0xEC, 0xDC, 0xC4, 0x7B, 0x8C, 0x6B, 0xE9 ),
+ BYTES_TO_T_UINT_8( 0x2B, 0xBB, 0x1C, 0xD3, 0x5A, 0xEE, 0xD9, 0x97 ),
+ BYTES_TO_T_UINT_8( 0x64, 0x5D, 0x30, 0x5E, 0xF7, 0xB2, 0x41, 0x9D ),
+ BYTES_TO_T_UINT_8( 0xED, 0xCE, 0x0F, 0x1A, 0xC6, 0x41, 0x64, 0x62 ),
+ BYTES_TO_T_UINT_8( 0xF2, 0x18, 0xE1, 0xE3, 0x82, 0x15, 0x66, 0x4B ),
+ BYTES_TO_T_UINT_8( 0x9B, 0xE2, 0x24, 0x04, 0x72, 0x39, 0xA0, 0x7C ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_4_Y[] = {
+ BYTES_TO_T_UINT_8( 0x2B, 0x51, 0xA2, 0x58, 0x88, 0x62, 0xE1, 0x02 ),
+ BYTES_TO_T_UINT_8( 0x58, 0xD2, 0x65, 0x14, 0xE9, 0x4C, 0x82, 0x30 ),
+ BYTES_TO_T_UINT_8( 0xDC, 0xE1, 0xAC, 0x87, 0xAE, 0x31, 0x1A, 0x7A ),
+ BYTES_TO_T_UINT_8( 0x85, 0x4F, 0x96, 0x1E, 0x85, 0x7A, 0xC3, 0x2B ),
+ BYTES_TO_T_UINT_8( 0xF0, 0x86, 0xBB, 0xF0, 0xC0, 0x9D, 0x08, 0x7B ),
+ BYTES_TO_T_UINT_8( 0xBD, 0x53, 0x03, 0x09, 0x80, 0x91, 0xEF, 0x68 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_5_X[] = {
+ BYTES_TO_T_UINT_8( 0x2D, 0xD7, 0xAF, 0x6F, 0x69, 0x7B, 0x88, 0xA1 ),
+ BYTES_TO_T_UINT_8( 0xAF, 0x13, 0xE4, 0x30, 0xA2, 0x47, 0xB5, 0xC1 ),
+ BYTES_TO_T_UINT_8( 0x0F, 0xD2, 0xC0, 0xDD, 0x8A, 0x1C, 0x3C, 0xF2 ),
+ BYTES_TO_T_UINT_8( 0xF9, 0x8C, 0xB3, 0x4C, 0xBA, 0x8B, 0x6D, 0xCF ),
+ BYTES_TO_T_UINT_8( 0x6B, 0xC7, 0xA1, 0xA8, 0x6E, 0x3C, 0x4F, 0xF1 ),
+ BYTES_TO_T_UINT_8( 0x94, 0x4A, 0x97, 0xC8, 0x03, 0x6F, 0x01, 0x82 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_5_Y[] = {
+ BYTES_TO_T_UINT_8( 0x74, 0x18, 0x12, 0xA9, 0x39, 0xD5, 0x22, 0x26 ),
+ BYTES_TO_T_UINT_8( 0x47, 0xA7, 0xC0, 0xBD, 0x9D, 0x8D, 0x78, 0x38 ),
+ BYTES_TO_T_UINT_8( 0xA9, 0xB3, 0xD0, 0x7F, 0xDF, 0xD0, 0x30, 0xDE ),
+ BYTES_TO_T_UINT_8( 0x37, 0x25, 0x73, 0x96, 0xEC, 0xA8, 0x1D, 0x7C ),
+ BYTES_TO_T_UINT_8( 0x91, 0xD1, 0x65, 0x66, 0xDC, 0xD9, 0xCF, 0xDF ),
+ BYTES_TO_T_UINT_8( 0x95, 0xED, 0x7B, 0x37, 0xAD, 0xE2, 0xBE, 0x2D ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_6_X[] = {
+ BYTES_TO_T_UINT_8( 0x50, 0x79, 0x42, 0x6A, 0x07, 0x66, 0xB1, 0xBD ),
+ BYTES_TO_T_UINT_8( 0x45, 0x53, 0x62, 0x65, 0x92, 0x09, 0x4C, 0xA1 ),
+ BYTES_TO_T_UINT_8( 0x06, 0xAF, 0xC3, 0x03, 0xF6, 0xF4, 0x2D, 0x9B ),
+ BYTES_TO_T_UINT_8( 0xE8, 0xCA, 0x41, 0xD9, 0xA2, 0x69, 0x9B, 0xC9 ),
+ BYTES_TO_T_UINT_8( 0x4B, 0xB2, 0xA6, 0x8D, 0xE1, 0xAA, 0x61, 0x76 ),
+ BYTES_TO_T_UINT_8( 0x11, 0xBA, 0x4D, 0x12, 0xB6, 0xBE, 0xF3, 0x7E ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_6_Y[] = {
+ BYTES_TO_T_UINT_8( 0xCA, 0xD9, 0x92, 0x22, 0x07, 0xCE, 0xC9, 0x26 ),
+ BYTES_TO_T_UINT_8( 0x62, 0xA1, 0x7C, 0x91, 0xDB, 0x32, 0xF7, 0xE5 ),
+ BYTES_TO_T_UINT_8( 0x6D, 0x49, 0x4B, 0x6D, 0xFB, 0xD9, 0x70, 0x3B ),
+ BYTES_TO_T_UINT_8( 0x1C, 0xFB, 0x4E, 0x4C, 0x5E, 0x66, 0x81, 0x1D ),
+ BYTES_TO_T_UINT_8( 0xA5, 0xB3, 0xE1, 0x00, 0xB7, 0xD9, 0xCC, 0x58 ),
+ BYTES_TO_T_UINT_8( 0xF3, 0x36, 0x8B, 0xC4, 0x39, 0x20, 0xFD, 0x30 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_7_X[] = {
+ BYTES_TO_T_UINT_8( 0x94, 0x1F, 0x60, 0x03, 0xBB, 0xD7, 0x60, 0x57 ),
+ BYTES_TO_T_UINT_8( 0x72, 0x3C, 0x62, 0xDD, 0x71, 0x95, 0xE9, 0x61 ),
+ BYTES_TO_T_UINT_8( 0xB0, 0x5B, 0x7A, 0x5F, 0x68, 0x81, 0xC5, 0x90 ),
+ BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xB5, 0xB9, 0x98, 0x42, 0x28, 0xA5 ),
+ BYTES_TO_T_UINT_8( 0x0C, 0x29, 0x8E, 0x11, 0x49, 0xB4, 0xD7, 0x20 ),
+ BYTES_TO_T_UINT_8( 0x9B, 0x3E, 0xD2, 0x30, 0xA1, 0xBA, 0xCA, 0x03 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_7_Y[] = {
+ BYTES_TO_T_UINT_8( 0x29, 0x37, 0x64, 0x44, 0x2F, 0x03, 0xE5, 0x41 ),
+ BYTES_TO_T_UINT_8( 0x4A, 0x42, 0xBC, 0xFF, 0xA2, 0x1A, 0x5F, 0x06 ),
+ BYTES_TO_T_UINT_8( 0x1D, 0x04, 0xAB, 0x04, 0xE0, 0x24, 0xAD, 0x2A ),
+ BYTES_TO_T_UINT_8( 0x3D, 0x45, 0x17, 0x67, 0x1F, 0x3E, 0x53, 0xF8 ),
+ BYTES_TO_T_UINT_8( 0xED, 0x0F, 0xB3, 0x1B, 0x57, 0x54, 0xC2, 0x03 ),
+ BYTES_TO_T_UINT_8( 0x59, 0xD3, 0xF8, 0xC4, 0x1B, 0x9B, 0xFA, 0x30 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_8_X[] = {
+ BYTES_TO_T_UINT_8( 0x37, 0x90, 0xFD, 0xFB, 0xCA, 0x49, 0x38, 0x4E ),
+ BYTES_TO_T_UINT_8( 0xC3, 0xCF, 0xC6, 0xDD, 0xF0, 0xFF, 0x8C, 0x11 ),
+ BYTES_TO_T_UINT_8( 0xD7, 0x69, 0x9D, 0xBD, 0x5F, 0x33, 0xE9, 0xB4 ),
+ BYTES_TO_T_UINT_8( 0x47, 0x19, 0x82, 0x3D, 0xAC, 0x1C, 0x40, 0x23 ),
+ BYTES_TO_T_UINT_8( 0x40, 0xC7, 0x02, 0x46, 0x14, 0x77, 0x00, 0xBE ),
+ BYTES_TO_T_UINT_8( 0xC9, 0x05, 0xF2, 0x77, 0x3A, 0x66, 0x5C, 0x39 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_8_Y[] = {
+ BYTES_TO_T_UINT_8( 0x1E, 0xE6, 0x17, 0xDE, 0xB2, 0xA1, 0xE5, 0xB8 ),
+ BYTES_TO_T_UINT_8( 0xC7, 0x71, 0xEC, 0x9D, 0xD8, 0xF5, 0xD4, 0x66 ),
+ BYTES_TO_T_UINT_8( 0xAA, 0xC6, 0x42, 0x5E, 0xE7, 0x18, 0xBA, 0xD0 ),
+ BYTES_TO_T_UINT_8( 0xC5, 0x21, 0x68, 0x5A, 0x26, 0xFB, 0xD7, 0x17 ),
+ BYTES_TO_T_UINT_8( 0x26, 0x00, 0x5C, 0xBA, 0x8A, 0x34, 0xEC, 0x75 ),
+ BYTES_TO_T_UINT_8( 0xC3, 0x9C, 0x3C, 0xAF, 0x53, 0xE8, 0x65, 0x35 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_9_X[] = {
+ BYTES_TO_T_UINT_8( 0xBE, 0xEF, 0x28, 0xDC, 0x67, 0x05, 0xC8, 0xDF ),
+ BYTES_TO_T_UINT_8( 0x0B, 0x78, 0xC3, 0x85, 0x49, 0xA0, 0xBC, 0x0F ),
+ BYTES_TO_T_UINT_8( 0x10, 0x3E, 0x2D, 0xA0, 0xCF, 0xD4, 0x7A, 0xF5 ),
+ BYTES_TO_T_UINT_8( 0x36, 0x93, 0xFE, 0x60, 0xB3, 0x6E, 0x99, 0xE2 ),
+ BYTES_TO_T_UINT_8( 0x62, 0xAD, 0x04, 0xE7, 0x49, 0xAF, 0x5E, 0xE3 ),
+ BYTES_TO_T_UINT_8( 0x54, 0x7A, 0xED, 0xA6, 0x9E, 0x18, 0x09, 0x31 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_9_Y[] = {
+ BYTES_TO_T_UINT_8( 0xE8, 0x05, 0x94, 0x44, 0xDC, 0xB8, 0x85, 0x94 ),
+ BYTES_TO_T_UINT_8( 0x14, 0xB7, 0x37, 0xC2, 0x50, 0x75, 0x15, 0xDA ),
+ BYTES_TO_T_UINT_8( 0xD6, 0xC6, 0x0F, 0xB2, 0xA9, 0x91, 0x3E, 0xE8 ),
+ BYTES_TO_T_UINT_8( 0xB9, 0x81, 0xAD, 0x25, 0xA1, 0x26, 0x73, 0x15 ),
+ BYTES_TO_T_UINT_8( 0xFD, 0xF1, 0xD1, 0x61, 0x7C, 0x76, 0x8F, 0x13 ),
+ BYTES_TO_T_UINT_8( 0x06, 0xDB, 0x4A, 0xFF, 0x14, 0xA7, 0x48, 0x0B ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_10_X[] = {
+ BYTES_TO_T_UINT_8( 0x2A, 0x73, 0xC6, 0xC2, 0xCC, 0xF1, 0x57, 0x04 ),
+ BYTES_TO_T_UINT_8( 0xB6, 0xED, 0x73, 0x27, 0x70, 0x82, 0xB6, 0x5E ),
+ BYTES_TO_T_UINT_8( 0x0B, 0xBA, 0xAC, 0x3A, 0xCF, 0xF4, 0xEA, 0xA6 ),
+ BYTES_TO_T_UINT_8( 0x99, 0xD6, 0xB1, 0x8F, 0x0E, 0x08, 0x2C, 0x5E ),
+ BYTES_TO_T_UINT_8( 0x17, 0xE3, 0x8F, 0x2F, 0x0E, 0xA1, 0xF3, 0x07 ),
+ BYTES_TO_T_UINT_8( 0x1A, 0xF5, 0x7C, 0x9B, 0x29, 0x0A, 0xF6, 0x28 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_10_Y[] = {
+ BYTES_TO_T_UINT_8( 0xBD, 0xEE, 0x17, 0x47, 0x34, 0x15, 0xA3, 0xAF ),
+ BYTES_TO_T_UINT_8( 0xFB, 0xBE, 0x88, 0x48, 0xE7, 0xA2, 0xBB, 0xDE ),
+ BYTES_TO_T_UINT_8( 0xC5, 0xAD, 0xDC, 0x65, 0x61, 0x37, 0x0F, 0xC1 ),
+ BYTES_TO_T_UINT_8( 0xFA, 0x67, 0xAD, 0xA2, 0x3A, 0x1C, 0x91, 0x78 ),
+ BYTES_TO_T_UINT_8( 0x55, 0x07, 0x0C, 0x3A, 0x41, 0x6E, 0x13, 0x28 ),
+ BYTES_TO_T_UINT_8( 0x73, 0xBD, 0x7E, 0xED, 0xAA, 0x14, 0xDD, 0x61 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_11_X[] = {
+ BYTES_TO_T_UINT_8( 0xC3, 0xDC, 0x20, 0x01, 0x72, 0x11, 0x48, 0x55 ),
+ BYTES_TO_T_UINT_8( 0x1E, 0xC4, 0x7B, 0xF8, 0x62, 0x3D, 0xF0, 0x9F ),
+ BYTES_TO_T_UINT_8( 0xE8, 0xC2, 0x3D, 0x2E, 0x52, 0xA3, 0x4A, 0x89 ),
+ BYTES_TO_T_UINT_8( 0xCE, 0xE2, 0x53, 0x46, 0x5E, 0x21, 0xF8, 0xCE ),
+ BYTES_TO_T_UINT_8( 0xC2, 0xC7, 0x8F, 0xA9, 0x26, 0x42, 0x32, 0x3A ),
+ BYTES_TO_T_UINT_8( 0xFB, 0xA6, 0xA0, 0x8D, 0x4B, 0x9A, 0x19, 0x03 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_11_Y[] = {
+ BYTES_TO_T_UINT_8( 0xEA, 0xAB, 0x6D, 0x1E, 0xFB, 0xEE, 0x60, 0x0C ),
+ BYTES_TO_T_UINT_8( 0xB6, 0x56, 0x3C, 0xC5, 0x5D, 0x10, 0x79, 0x1C ),
+ BYTES_TO_T_UINT_8( 0x25, 0xBC, 0x41, 0x9F, 0x71, 0xEF, 0x02, 0xF9 ),
+ BYTES_TO_T_UINT_8( 0xA2, 0x36, 0xC4, 0xD0, 0x88, 0x9B, 0x32, 0xFC ),
+ BYTES_TO_T_UINT_8( 0x9C, 0xD4, 0x5D, 0x17, 0x39, 0xE6, 0x22, 0x2C ),
+ BYTES_TO_T_UINT_8( 0x7B, 0x26, 0x01, 0xCE, 0xBE, 0x4A, 0x9C, 0x27 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_12_X[] = {
+ BYTES_TO_T_UINT_8( 0xEF, 0x6D, 0x11, 0xCA, 0x6C, 0x5A, 0x93, 0x0C ),
+ BYTES_TO_T_UINT_8( 0xEB, 0x96, 0x26, 0xAF, 0x2F, 0xE4, 0x30, 0x98 ),
+ BYTES_TO_T_UINT_8( 0x35, 0xC1, 0x4C, 0xC6, 0x30, 0x1F, 0x5C, 0x04 ),
+ BYTES_TO_T_UINT_8( 0x59, 0xB3, 0xE8, 0xFC, 0x35, 0xEB, 0x63, 0x6C ),
+ BYTES_TO_T_UINT_8( 0x9C, 0x1D, 0xCA, 0xFC, 0x50, 0x36, 0x4B, 0x96 ),
+ BYTES_TO_T_UINT_8( 0xE4, 0x0E, 0x23, 0x5B, 0xAF, 0xEB, 0x2D, 0x31 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_12_Y[] = {
+ BYTES_TO_T_UINT_8( 0xC6, 0x88, 0xB6, 0xD7, 0x74, 0x4A, 0x23, 0xB6 ),
+ BYTES_TO_T_UINT_8( 0xEF, 0x66, 0xE2, 0xBB, 0x29, 0xA6, 0x4F, 0x55 ),
+ BYTES_TO_T_UINT_8( 0xE9, 0x6F, 0x7E, 0x68, 0x6E, 0xA0, 0x14, 0x94 ),
+ BYTES_TO_T_UINT_8( 0x3B, 0x73, 0xD4, 0xE8, 0xAB, 0x5B, 0xF6, 0x0D ),
+ BYTES_TO_T_UINT_8( 0x46, 0xE0, 0x3C, 0x24, 0x00, 0x95, 0xE9, 0xAD ),
+ BYTES_TO_T_UINT_8( 0x37, 0x0D, 0x4F, 0x81, 0xD0, 0xF2, 0x3F, 0x00 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_13_X[] = {
+ BYTES_TO_T_UINT_8( 0x99, 0x1D, 0xCD, 0x78, 0x39, 0xC4, 0x6B, 0xD9 ),
+ BYTES_TO_T_UINT_8( 0x81, 0x45, 0xC7, 0xB8, 0x2F, 0xAA, 0x5D, 0xE3 ),
+ BYTES_TO_T_UINT_8( 0x33, 0x8C, 0x6E, 0xA3, 0x24, 0xB2, 0xDB, 0x4B ),
+ BYTES_TO_T_UINT_8( 0x69, 0x2D, 0xD9, 0xF1, 0xC7, 0x9B, 0x8A, 0xAF ),
+ BYTES_TO_T_UINT_8( 0x67, 0xE1, 0x2C, 0xB9, 0x40, 0x37, 0x91, 0x75 ),
+ BYTES_TO_T_UINT_8( 0x81, 0x2C, 0xB5, 0x23, 0x03, 0x2B, 0xAF, 0x2F ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_13_Y[] = {
+ BYTES_TO_T_UINT_8( 0x2F, 0x9D, 0x5A, 0x20, 0x10, 0xA9, 0x84, 0xDA ),
+ BYTES_TO_T_UINT_8( 0x61, 0x30, 0x89, 0x20, 0x13, 0xE9, 0xB2, 0xCA ),
+ BYTES_TO_T_UINT_8( 0xB6, 0x6E, 0x52, 0xEB, 0x03, 0x18, 0x1F, 0xA6 ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x9E, 0x1C, 0x35, 0x87, 0x92, 0x69, 0xC7 ),
+ BYTES_TO_T_UINT_8( 0xA1, 0xC9, 0x88, 0xAF, 0xC6, 0x6C, 0x83, 0x72 ),
+ BYTES_TO_T_UINT_8( 0xCB, 0xD5, 0x7A, 0x54, 0x34, 0x99, 0xB6, 0x6F ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_14_X[] = {
+ BYTES_TO_T_UINT_8( 0xDF, 0xAD, 0x45, 0x9B, 0x4B, 0x41, 0x4D, 0x50 ),
+ BYTES_TO_T_UINT_8( 0x1B, 0x5D, 0xAB, 0x7F, 0x35, 0x34, 0xE9, 0x29 ),
+ BYTES_TO_T_UINT_8( 0x73, 0xBE, 0x78, 0x34, 0x44, 0xF3, 0x4A, 0x87 ),
+ BYTES_TO_T_UINT_8( 0xFB, 0xDE, 0xE3, 0xC4, 0xEE, 0x0B, 0xF9, 0xEB ),
+ BYTES_TO_T_UINT_8( 0x5E, 0x86, 0x16, 0x48, 0x32, 0xB8, 0x74, 0x41 ),
+ BYTES_TO_T_UINT_8( 0xF2, 0xEE, 0x7C, 0xBA, 0xBD, 0x81, 0xE3, 0x55 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_14_Y[] = {
+ BYTES_TO_T_UINT_8( 0xF8, 0x6A, 0xFA, 0x84, 0xDA, 0xB8, 0xD5, 0x14 ),
+ BYTES_TO_T_UINT_8( 0xB2, 0x9F, 0x8A, 0xD5, 0x1B, 0x2E, 0x1A, 0x0B ),
+ BYTES_TO_T_UINT_8( 0x5F, 0x0C, 0x61, 0xE2, 0xFF, 0x5B, 0xE6, 0xD5 ),
+ BYTES_TO_T_UINT_8( 0x0E, 0x62, 0xC1, 0x87, 0x53, 0x1B, 0x92, 0xA3 ),
+ BYTES_TO_T_UINT_8( 0x54, 0x90, 0x00, 0xD1, 0x6A, 0x0C, 0x0E, 0x28 ),
+ BYTES_TO_T_UINT_8( 0x8B, 0x2E, 0xB5, 0x3B, 0x44, 0xB5, 0xA0, 0x78 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_15_X[] = {
+ BYTES_TO_T_UINT_8( 0xB8, 0x5D, 0x02, 0x58, 0xB5, 0xBE, 0x45, 0x14 ),
+ BYTES_TO_T_UINT_8( 0xAD, 0xEF, 0x8E, 0x90, 0x4D, 0x2A, 0x32, 0xAC ),
+ BYTES_TO_T_UINT_8( 0x48, 0x99, 0x75, 0x5C, 0x0A, 0x33, 0x8F, 0x36 ),
+ BYTES_TO_T_UINT_8( 0xC8, 0x6C, 0x95, 0xD4, 0x1F, 0xF3, 0xEB, 0xDA ),
+ BYTES_TO_T_UINT_8( 0xC2, 0xE4, 0x4C, 0x91, 0x20, 0xF3, 0x25, 0xEB ),
+ BYTES_TO_T_UINT_8( 0xF1, 0x95, 0xEB, 0x29, 0x6F, 0x20, 0x34, 0x81 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_15_Y[] = {
+ BYTES_TO_T_UINT_8( 0x2D, 0x15, 0xE5, 0x13, 0x7E, 0x64, 0x8B, 0xAD ),
+ BYTES_TO_T_UINT_8( 0xA7, 0xBC, 0x0D, 0x18, 0x7E, 0x37, 0x9E, 0xFA ),
+ BYTES_TO_T_UINT_8( 0xE8, 0x82, 0x20, 0xF7, 0x2D, 0x7A, 0x77, 0x52 ),
+ BYTES_TO_T_UINT_8( 0xCB, 0x29, 0xA2, 0xDB, 0x7A, 0xE6, 0x6F, 0xA5 ),
+ BYTES_TO_T_UINT_8( 0xA0, 0xC6, 0x50, 0x5C, 0xBC, 0xE6, 0x4F, 0xBD ),
+ BYTES_TO_T_UINT_8( 0x1E, 0x9F, 0xD5, 0xE8, 0xC5, 0x3D, 0xB7, 0x30 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_16_X[] = {
+ BYTES_TO_T_UINT_8( 0x45, 0x03, 0x55, 0x10, 0xDB, 0xA6, 0x8B, 0x22 ),
+ BYTES_TO_T_UINT_8( 0x4E, 0x17, 0xAE, 0x78, 0xC9, 0x1D, 0x43, 0xCA ),
+ BYTES_TO_T_UINT_8( 0x4E, 0x35, 0x49, 0xD4, 0x47, 0x84, 0x8D, 0x20 ),
+ BYTES_TO_T_UINT_8( 0xF3, 0x95, 0x2F, 0xEA, 0xBC, 0xB4, 0x18, 0xB3 ),
+ BYTES_TO_T_UINT_8( 0xD4, 0x48, 0xAE, 0x89, 0xF5, 0x65, 0x3D, 0x89 ),
+ BYTES_TO_T_UINT_8( 0x86, 0xF2, 0x2B, 0x20, 0xD1, 0x75, 0x50, 0x63 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_16_Y[] = {
+ BYTES_TO_T_UINT_8( 0xAD, 0xE6, 0x5C, 0x2C, 0xE0, 0x7D, 0xDF, 0x2D ),
+ BYTES_TO_T_UINT_8( 0x3E, 0x07, 0x3E, 0xCE, 0x9F, 0x18, 0xB6, 0x05 ),
+ BYTES_TO_T_UINT_8( 0x9A, 0xF8, 0xF0, 0xD5, 0xFA, 0x42, 0x1D, 0x6D ),
+ BYTES_TO_T_UINT_8( 0x41, 0x6C, 0x1D, 0x03, 0xC9, 0x0E, 0x2B, 0x2F ),
+ BYTES_TO_T_UINT_8( 0x43, 0x18, 0x52, 0xA5, 0xB4, 0x63, 0xE1, 0x06 ),
+ BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0xD9, 0xC4, 0xFD, 0x16, 0x60, 0x54 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_17_X[] = {
+ BYTES_TO_T_UINT_8( 0x43, 0x7D, 0xDE, 0xDF, 0x4B, 0x4A, 0xB0, 0xCB ),
+ BYTES_TO_T_UINT_8( 0xB0, 0x4E, 0x8C, 0x94, 0xC1, 0xE2, 0x85, 0xDF ),
+ BYTES_TO_T_UINT_8( 0x4F, 0xF0, 0xEA, 0xB5, 0x9B, 0x70, 0xEF, 0x10 ),
+ BYTES_TO_T_UINT_8( 0x56, 0xC2, 0x39, 0x5D, 0xF3, 0x2C, 0xD9, 0x2C ),
+ BYTES_TO_T_UINT_8( 0x0D, 0x1C, 0x2E, 0xCC, 0x2F, 0x54, 0x87, 0x80 ),
+ BYTES_TO_T_UINT_8( 0xB0, 0x72, 0xC7, 0xB5, 0x50, 0xA3, 0x84, 0x77 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_17_Y[] = {
+ BYTES_TO_T_UINT_8( 0xB7, 0xD1, 0xAF, 0xA9, 0xB4, 0x8B, 0x5D, 0xFA ),
+ BYTES_TO_T_UINT_8( 0xC8, 0xF6, 0x52, 0x8A, 0xC3, 0x56, 0xA5, 0x5E ),
+ BYTES_TO_T_UINT_8( 0x3B, 0x52, 0xFF, 0xEA, 0x05, 0x42, 0x77, 0x83 ),
+ BYTES_TO_T_UINT_8( 0x29, 0x08, 0x90, 0x72, 0x86, 0xC4, 0xC3, 0xB8 ),
+ BYTES_TO_T_UINT_8( 0x4D, 0x15, 0xF8, 0xF1, 0x16, 0x67, 0xC6, 0xD5 ),
+ BYTES_TO_T_UINT_8( 0x75, 0x87, 0xAC, 0x8F, 0x71, 0xEC, 0x83, 0x81 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_18_X[] = {
+ BYTES_TO_T_UINT_8( 0x91, 0xE1, 0xE6, 0x2D, 0x0E, 0x11, 0xA1, 0x62 ),
+ BYTES_TO_T_UINT_8( 0x74, 0xE2, 0xA8, 0x32, 0xE6, 0xE3, 0x83, 0xD1 ),
+ BYTES_TO_T_UINT_8( 0x50, 0x56, 0xE5, 0xCD, 0xB7, 0x2B, 0x67, 0x6F ),
+ BYTES_TO_T_UINT_8( 0xE5, 0xED, 0xC9, 0x65, 0x6D, 0x87, 0xE1, 0x8E ),
+ BYTES_TO_T_UINT_8( 0x50, 0x8E, 0xFD, 0x9A, 0x53, 0x0E, 0xFA, 0xA3 ),
+ BYTES_TO_T_UINT_8( 0x49, 0x4C, 0x4A, 0xE2, 0x23, 0x84, 0xFA, 0x01 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_18_Y[] = {
+ BYTES_TO_T_UINT_8( 0xB4, 0xFE, 0x49, 0x81, 0xD1, 0x3E, 0xF4, 0x7C ),
+ BYTES_TO_T_UINT_8( 0x45, 0x72, 0xE0, 0xEF, 0x0D, 0xB8, 0x3E, 0x6F ),
+ BYTES_TO_T_UINT_8( 0x3C, 0x00, 0x0F, 0x5F, 0xCE, 0x60, 0x72, 0x2C ),
+ BYTES_TO_T_UINT_8( 0xB7, 0xCC, 0xD8, 0x03, 0x07, 0x6E, 0x5A, 0xCD ),
+ BYTES_TO_T_UINT_8( 0x27, 0x3A, 0x35, 0x50, 0x4E, 0x1F, 0xCA, 0x5F ),
+ BYTES_TO_T_UINT_8( 0x58, 0xEA, 0x88, 0x55, 0xBD, 0x6E, 0x05, 0x7F ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_19_X[] = {
+ BYTES_TO_T_UINT_8( 0xB1, 0x6D, 0xF1, 0x97, 0xA6, 0x69, 0x39, 0x24 ),
+ BYTES_TO_T_UINT_8( 0x0B, 0x41, 0x99, 0xFF, 0x3B, 0xA1, 0x26, 0xEC ),
+ BYTES_TO_T_UINT_8( 0x95, 0x2F, 0x95, 0x80, 0x12, 0x4A, 0x1B, 0xCB ),
+ BYTES_TO_T_UINT_8( 0xEA, 0xBF, 0x51, 0xAA, 0xAE, 0x2D, 0xDA, 0xCF ),
+ BYTES_TO_T_UINT_8( 0x0C, 0x1C, 0xB3, 0x52, 0x36, 0x49, 0xD4, 0x86 ),
+ BYTES_TO_T_UINT_8( 0x99, 0xC1, 0x1F, 0x3A, 0xD3, 0x3E, 0x5C, 0x1A ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_19_Y[] = {
+ BYTES_TO_T_UINT_8( 0x73, 0x51, 0xF7, 0x2B, 0xC8, 0xA9, 0xA7, 0x15 ),
+ BYTES_TO_T_UINT_8( 0x12, 0x4E, 0x7F, 0x98, 0x41, 0x66, 0xB0, 0x03 ),
+ BYTES_TO_T_UINT_8( 0x91, 0x1D, 0xC0, 0x42, 0xCD, 0xF8, 0xC3, 0x2B ),
+ BYTES_TO_T_UINT_8( 0xCC, 0x41, 0x91, 0x7D, 0xCC, 0x8B, 0xCC, 0x41 ),
+ BYTES_TO_T_UINT_8( 0x2A, 0xAE, 0x76, 0xED, 0x56, 0x18, 0xC5, 0xAB ),
+ BYTES_TO_T_UINT_8( 0xAB, 0x6A, 0x06, 0xA3, 0x7F, 0x65, 0x10, 0x1F ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_20_X[] = {
+ BYTES_TO_T_UINT_8( 0x0C, 0xEC, 0x3C, 0x05, 0x05, 0xCA, 0xF6, 0xED ),
+ BYTES_TO_T_UINT_8( 0x48, 0xCD, 0x02, 0x51, 0x12, 0x16, 0x3C, 0x63 ),
+ BYTES_TO_T_UINT_8( 0xA8, 0xEB, 0xB3, 0x43, 0x7B, 0xDD, 0xB2, 0x7C ),
+ BYTES_TO_T_UINT_8( 0x00, 0x59, 0x90, 0x41, 0xDB, 0xE4, 0xF5, 0x91 ),
+ BYTES_TO_T_UINT_8( 0xD0, 0x0E, 0x18, 0x2A, 0x5A, 0x83, 0x7C, 0x2F ),
+ BYTES_TO_T_UINT_8( 0xE1, 0x37, 0xA1, 0x0D, 0xF1, 0x2F, 0x63, 0x79 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_20_Y[] = {
+ BYTES_TO_T_UINT_8( 0x21, 0xC0, 0xFA, 0x6F, 0x1F, 0x67, 0xCF, 0xEC ),
+ BYTES_TO_T_UINT_8( 0x98, 0x34, 0x45, 0xBB, 0xF4, 0xF9, 0x9B, 0x89 ),
+ BYTES_TO_T_UINT_8( 0xF5, 0x69, 0xFE, 0x67, 0x1D, 0x64, 0x8F, 0xB9 ),
+ BYTES_TO_T_UINT_8( 0xDB, 0x39, 0xBF, 0xD8, 0xB3, 0xC7, 0xAD, 0x8A ),
+ BYTES_TO_T_UINT_8( 0x8C, 0x93, 0xFF, 0xF3, 0x28, 0xFA, 0x39, 0xF6 ),
+ BYTES_TO_T_UINT_8( 0xFA, 0xF9, 0xC3, 0x85, 0x26, 0x7A, 0x88, 0x89 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_21_X[] = {
+ BYTES_TO_T_UINT_8( 0x4D, 0xD5, 0x79, 0xD8, 0x11, 0xDE, 0xEB, 0x4E ),
+ BYTES_TO_T_UINT_8( 0x1C, 0x46, 0xA4, 0x6A, 0xDA, 0x74, 0x34, 0xA8 ),
+ BYTES_TO_T_UINT_8( 0x1E, 0xBD, 0xD3, 0xF5, 0x14, 0xEE, 0xFE, 0xAE ),
+ BYTES_TO_T_UINT_8( 0x19, 0x4C, 0xA3, 0x71, 0x43, 0x65, 0xF8, 0x94 ),
+ BYTES_TO_T_UINT_8( 0x72, 0x6C, 0x35, 0xFA, 0x90, 0x25, 0xD8, 0xE2 ),
+ BYTES_TO_T_UINT_8( 0xBB, 0x34, 0x84, 0x96, 0xA1, 0x43, 0x03, 0x4D ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_21_Y[] = {
+ BYTES_TO_T_UINT_8( 0xF1, 0x3B, 0x3B, 0x2F, 0xCA, 0x59, 0xF2, 0x42 ),
+ BYTES_TO_T_UINT_8( 0xCD, 0x48, 0x24, 0x74, 0xD8, 0x72, 0x90, 0xA3 ),
+ BYTES_TO_T_UINT_8( 0x83, 0x42, 0x74, 0x8C, 0x6F, 0x52, 0x19, 0x3D ),
+ BYTES_TO_T_UINT_8( 0x40, 0x9E, 0x41, 0x63, 0x68, 0x78, 0x4C, 0x2F ),
+ BYTES_TO_T_UINT_8( 0x53, 0x94, 0xB6, 0x6B, 0x38, 0x52, 0xA8, 0x9F ),
+ BYTES_TO_T_UINT_8( 0x81, 0x30, 0x25, 0x93, 0xA1, 0x6F, 0x6E, 0x68 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_22_X[] = {
+ BYTES_TO_T_UINT_8( 0xFC, 0x2F, 0x4B, 0x64, 0x79, 0x50, 0xFF, 0x01 ),
+ BYTES_TO_T_UINT_8( 0xD4, 0x36, 0xED, 0x57, 0x39, 0x3B, 0xE7, 0xF3 ),
+ BYTES_TO_T_UINT_8( 0xF1, 0x85, 0xEA, 0x35, 0xD6, 0xC0, 0xA0, 0x52 ),
+ BYTES_TO_T_UINT_8( 0xBA, 0x89, 0x3A, 0xCC, 0x22, 0x1C, 0x46, 0x02 ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x7A, 0xB0, 0xA1, 0x1B, 0x69, 0x62, 0x55 ),
+ BYTES_TO_T_UINT_8( 0x57, 0xB8, 0x8A, 0x6C, 0x18, 0x85, 0x0D, 0x88 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_22_Y[] = {
+ BYTES_TO_T_UINT_8( 0xFD, 0xB6, 0x50, 0xE9, 0x4E, 0x7F, 0xE8, 0x07 ),
+ BYTES_TO_T_UINT_8( 0x92, 0x5B, 0x5C, 0xD1, 0x4B, 0x11, 0x9A, 0xD8 ),
+ BYTES_TO_T_UINT_8( 0x96, 0x25, 0x56, 0x74, 0x51, 0x9C, 0xEC, 0x9C ),
+ BYTES_TO_T_UINT_8( 0x55, 0x7F, 0xB6, 0x8A, 0xCB, 0x3A, 0x10, 0x6A ),
+ BYTES_TO_T_UINT_8( 0x60, 0x33, 0x07, 0x01, 0xE9, 0x49, 0x59, 0xE6 ),
+ BYTES_TO_T_UINT_8( 0xC6, 0xA5, 0x2E, 0xF2, 0xBA, 0x32, 0x63, 0x44 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_23_X[] = {
+ BYTES_TO_T_UINT_8( 0xF8, 0x06, 0x0B, 0xA5, 0x44, 0x27, 0x7F, 0x22 ),
+ BYTES_TO_T_UINT_8( 0x30, 0x74, 0xAC, 0x0F, 0xCC, 0x4F, 0x13, 0x61 ),
+ BYTES_TO_T_UINT_8( 0xFD, 0xB1, 0xBF, 0x97, 0x49, 0xA5, 0x1C, 0x1D ),
+ BYTES_TO_T_UINT_8( 0x8A, 0x64, 0x68, 0x7B, 0x0F, 0xCC, 0x77, 0xF8 ),
+ BYTES_TO_T_UINT_8( 0xBB, 0x39, 0xF9, 0x4E, 0x84, 0x9C, 0xF6, 0x96 ),
+ BYTES_TO_T_UINT_8( 0xBC, 0xCF, 0x6D, 0xE2, 0xA1, 0x2D, 0xF9, 0x2B ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_23_Y[] = {
+ BYTES_TO_T_UINT_8( 0x95, 0xC4, 0x90, 0x57, 0x31, 0x01, 0x05, 0x5E ),
+ BYTES_TO_T_UINT_8( 0xCC, 0x1E, 0xBB, 0xBF, 0x98, 0xA4, 0x7C, 0xE3 ),
+ BYTES_TO_T_UINT_8( 0x89, 0xE3, 0xA0, 0xB2, 0xCD, 0x39, 0x9A, 0x3F ),
+ BYTES_TO_T_UINT_8( 0x92, 0x34, 0x60, 0x7A, 0x89, 0x98, 0xB5, 0x52 ),
+ BYTES_TO_T_UINT_8( 0x8D, 0x20, 0x3D, 0x3A, 0x04, 0x8F, 0x5A, 0xAC ),
+ BYTES_TO_T_UINT_8( 0xA3, 0x26, 0xB6, 0x49, 0x09, 0x9C, 0x0F, 0x59 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_24_X[] = {
+ BYTES_TO_T_UINT_8( 0x72, 0x66, 0xD2, 0x38, 0x2A, 0x62, 0x81, 0xCA ),
+ BYTES_TO_T_UINT_8( 0xC5, 0xC8, 0x20, 0x5E, 0x28, 0xA3, 0x81, 0xA7 ),
+ BYTES_TO_T_UINT_8( 0x20, 0x31, 0xA4, 0xF1, 0xEA, 0x7D, 0x87, 0x45 ),
+ BYTES_TO_T_UINT_8( 0x8F, 0x2C, 0x99, 0x09, 0x6F, 0x63, 0xEB, 0x2F ),
+ BYTES_TO_T_UINT_8( 0x73, 0x76, 0xDA, 0x1A, 0x06, 0xBE, 0xDE, 0xA2 ),
+ BYTES_TO_T_UINT_8( 0x29, 0x09, 0x2E, 0x75, 0x39, 0x30, 0x2D, 0x42 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_24_Y[] = {
+ BYTES_TO_T_UINT_8( 0x41, 0x9B, 0xC1, 0x5A, 0x17, 0xC3, 0x8C, 0x31 ),
+ BYTES_TO_T_UINT_8( 0x58, 0x8D, 0x94, 0x4D, 0x3D, 0xAB, 0x60, 0xD4 ),
+ BYTES_TO_T_UINT_8( 0xFF, 0xFD, 0x1E, 0x0F, 0x43, 0xAE, 0x9D, 0x62 ),
+ BYTES_TO_T_UINT_8( 0x8E, 0xF2, 0xF3, 0x20, 0x1B, 0xAA, 0xB7, 0x41 ),
+ BYTES_TO_T_UINT_8( 0x9D, 0x5B, 0xA4, 0xF4, 0x90, 0x3B, 0xE3, 0x71 ),
+ BYTES_TO_T_UINT_8( 0xF7, 0x78, 0x72, 0xBD, 0x65, 0x09, 0x0B, 0x01 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_25_X[] = {
+ BYTES_TO_T_UINT_8( 0xCA, 0x37, 0x2A, 0x6C, 0x16, 0x4F, 0x64, 0x59 ),
+ BYTES_TO_T_UINT_8( 0x5A, 0xCE, 0xA3, 0x90, 0xB4, 0x9A, 0xBC, 0xF7 ),
+ BYTES_TO_T_UINT_8( 0x27, 0x38, 0x55, 0x63, 0x1D, 0x3A, 0x6E, 0x18 ),
+ BYTES_TO_T_UINT_8( 0x37, 0xB4, 0xAA, 0x99, 0x22, 0x45, 0x89, 0x2C ),
+ BYTES_TO_T_UINT_8( 0xB7, 0x7C, 0x8C, 0xA6, 0x3D, 0xA7, 0x3E, 0xE8 ),
+ BYTES_TO_T_UINT_8( 0x70, 0x06, 0x42, 0xDC, 0xA6, 0xE3, 0xC6, 0x12 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_25_Y[] = {
+ BYTES_TO_T_UINT_8( 0x55, 0x8C, 0x3D, 0x5D, 0x47, 0x31, 0x7C, 0xEB ),
+ BYTES_TO_T_UINT_8( 0x46, 0x85, 0xEE, 0x46, 0x7E, 0x13, 0x04, 0x41 ),
+ BYTES_TO_T_UINT_8( 0x9E, 0x3C, 0x8B, 0x43, 0x2E, 0x74, 0xF5, 0xF6 ),
+ BYTES_TO_T_UINT_8( 0xBA, 0x88, 0x8E, 0x07, 0x29, 0x08, 0x03, 0x26 ),
+ BYTES_TO_T_UINT_8( 0xEA, 0x9B, 0x89, 0xEB, 0x08, 0xE8, 0x43, 0xB5 ),
+ BYTES_TO_T_UINT_8( 0x17, 0x07, 0x67, 0xFD, 0xD9, 0x73, 0x6F, 0x18 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_26_X[] = {
+ BYTES_TO_T_UINT_8( 0x29, 0xEB, 0x21, 0x8D, 0x98, 0x43, 0x74, 0x98 ),
+ BYTES_TO_T_UINT_8( 0x88, 0xCC, 0x14, 0xD8, 0x08, 0xBB, 0xA6, 0xE3 ),
+ BYTES_TO_T_UINT_8( 0xC4, 0x98, 0xF2, 0x6A, 0x18, 0xC3, 0xDD, 0x9E ),
+ BYTES_TO_T_UINT_8( 0xC7, 0x38, 0x91, 0xA0, 0x03, 0xF2, 0x04, 0x62 ),
+ BYTES_TO_T_UINT_8( 0x7A, 0xAF, 0xE8, 0xFD, 0xFB, 0x13, 0x70, 0x74 ),
+ BYTES_TO_T_UINT_8( 0xD0, 0x93, 0x87, 0x98, 0x4A, 0xE0, 0x00, 0x12 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_26_Y[] = {
+ BYTES_TO_T_UINT_8( 0x97, 0x2E, 0x69, 0x9C, 0xA2, 0x2D, 0x03, 0x3F ),
+ BYTES_TO_T_UINT_8( 0x79, 0xFE, 0xF3, 0xB9, 0xC1, 0x85, 0x2A, 0xEE ),
+ BYTES_TO_T_UINT_8( 0xCE, 0xFD, 0x86, 0xB1, 0xCD, 0xBF, 0x41, 0xB7 ),
+ BYTES_TO_T_UINT_8( 0xA0, 0xD8, 0x9A, 0x21, 0xF3, 0xFE, 0xCB, 0xF1 ),
+ BYTES_TO_T_UINT_8( 0x95, 0x78, 0x04, 0x60, 0xB7, 0xA9, 0xA2, 0x84 ),
+ BYTES_TO_T_UINT_8( 0xE8, 0x1E, 0x66, 0x2A, 0x54, 0x51, 0xBD, 0x8B ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_27_X[] = {
+ BYTES_TO_T_UINT_8( 0x8E, 0x16, 0x36, 0xEF, 0x61, 0x2D, 0xEE, 0x3B ),
+ BYTES_TO_T_UINT_8( 0x45, 0x5F, 0x88, 0xA0, 0x13, 0x12, 0xF7, 0x23 ),
+ BYTES_TO_T_UINT_8( 0xA9, 0xC6, 0xAD, 0x4A, 0x4A, 0x07, 0x01, 0x5B ),
+ BYTES_TO_T_UINT_8( 0xB8, 0x74, 0xB1, 0x4F, 0xEB, 0xBD, 0xD5, 0x6B ),
+ BYTES_TO_T_UINT_8( 0x57, 0xF9, 0x71, 0xA2, 0x06, 0x4F, 0xD7, 0xBC ),
+ BYTES_TO_T_UINT_8( 0xFF, 0x8B, 0x4D, 0x48, 0xE0, 0x98, 0xFB, 0x6A ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_27_Y[] = {
+ BYTES_TO_T_UINT_8( 0xC4, 0xBA, 0x10, 0xA3, 0x0D, 0x52, 0xAC, 0x3A ),
+ BYTES_TO_T_UINT_8( 0x11, 0xD0, 0xE0, 0x36, 0xE6, 0x07, 0x3A, 0x30 ),
+ BYTES_TO_T_UINT_8( 0x7E, 0x80, 0xF0, 0xAA, 0x49, 0x22, 0x4B, 0xDD ),
+ BYTES_TO_T_UINT_8( 0xFF, 0xC7, 0xAB, 0x1C, 0x89, 0xCD, 0x24, 0x40 ),
+ BYTES_TO_T_UINT_8( 0x82, 0x2A, 0xFC, 0xB3, 0x6D, 0x45, 0x96, 0x49 ),
+ BYTES_TO_T_UINT_8( 0x63, 0xE4, 0xDB, 0x52, 0x3F, 0xC4, 0xB4, 0x19 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_28_X[] = {
+ BYTES_TO_T_UINT_8( 0x5B, 0xCC, 0xC8, 0x7F, 0xBB, 0x6B, 0x87, 0x47 ),
+ BYTES_TO_T_UINT_8( 0xC0, 0x21, 0x3C, 0x69, 0x7D, 0x38, 0x57, 0x50 ),
+ BYTES_TO_T_UINT_8( 0x52, 0x4C, 0x18, 0x3C, 0x53, 0xA5, 0x48, 0x6D ),
+ BYTES_TO_T_UINT_8( 0x21, 0xC3, 0x64, 0x45, 0xDB, 0xC4, 0x6D, 0x15 ),
+ BYTES_TO_T_UINT_8( 0x49, 0xCC, 0xD1, 0xBB, 0x17, 0xB8, 0x34, 0x2D ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x69, 0x71, 0xFA, 0xA0, 0x28, 0x4A, 0x3D ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_28_Y[] = {
+ BYTES_TO_T_UINT_8( 0xED, 0xE8, 0x9E, 0x39, 0xEA, 0x8D, 0x38, 0xDB ),
+ BYTES_TO_T_UINT_8( 0xCC, 0x9C, 0xBB, 0xCD, 0x80, 0x1A, 0xEE, 0xB7 ),
+ BYTES_TO_T_UINT_8( 0xBC, 0xA0, 0x45, 0xBF, 0xD9, 0x22, 0x11, 0x32 ),
+ BYTES_TO_T_UINT_8( 0xDA, 0x7C, 0x5C, 0xD9, 0xC0, 0x9F, 0x69, 0xF5 ),
+ BYTES_TO_T_UINT_8( 0xBC, 0x8A, 0xA6, 0x79, 0x4E, 0x35, 0xB9, 0xD5 ),
+ BYTES_TO_T_UINT_8( 0xCC, 0x8B, 0x9A, 0x3E, 0xA1, 0xB8, 0x28, 0x10 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_29_X[] = {
+ BYTES_TO_T_UINT_8( 0x55, 0x2F, 0xEF, 0xBB, 0xA9, 0x72, 0x7F, 0xEA ),
+ BYTES_TO_T_UINT_8( 0xB5, 0x34, 0xB7, 0x12, 0xB9, 0xE7, 0xC3, 0x2A ),
+ BYTES_TO_T_UINT_8( 0xF8, 0x1D, 0xD9, 0x42, 0x77, 0x0C, 0x71, 0x6E ),
+ BYTES_TO_T_UINT_8( 0xEC, 0x01, 0x59, 0xA7, 0x56, 0x03, 0x91, 0x8D ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x91, 0x99, 0x33, 0x30, 0x3E, 0xEF, 0x13 ),
+ BYTES_TO_T_UINT_8( 0x87, 0xC9, 0x5A, 0x9A, 0x54, 0x66, 0xF1, 0x70 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_29_Y[] = {
+ BYTES_TO_T_UINT_8( 0x64, 0x2C, 0xB7, 0x6E, 0x71, 0x7D, 0x35, 0x30 ),
+ BYTES_TO_T_UINT_8( 0x1A, 0x0D, 0xEF, 0xD1, 0x2D, 0x99, 0x63, 0x2F ),
+ BYTES_TO_T_UINT_8( 0xE4, 0x31, 0xAF, 0x2D, 0xC9, 0xC6, 0xC2, 0xAE ),
+ BYTES_TO_T_UINT_8( 0x19, 0xC0, 0xDF, 0x80, 0x54, 0xC4, 0xAC, 0xF3 ),
+ BYTES_TO_T_UINT_8( 0xE3, 0x6B, 0xA0, 0x84, 0x96, 0xF7, 0x31, 0xC8 ),
+ BYTES_TO_T_UINT_8( 0x93, 0xE2, 0x7C, 0x7A, 0x41, 0x45, 0x75, 0x6A ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_30_X[] = {
+ BYTES_TO_T_UINT_8( 0xAE, 0xEE, 0x58, 0x31, 0xE8, 0x68, 0xD6, 0x76 ),
+ BYTES_TO_T_UINT_8( 0xD2, 0x2E, 0x48, 0xB7, 0x09, 0x9F, 0xD4, 0xCA ),
+ BYTES_TO_T_UINT_8( 0x34, 0xA9, 0x5C, 0xE7, 0x64, 0x43, 0x5D, 0xC9 ),
+ BYTES_TO_T_UINT_8( 0x9E, 0x58, 0x9F, 0x50, 0xAB, 0x68, 0xFF, 0x6D ),
+ BYTES_TO_T_UINT_8( 0x87, 0x88, 0x2D, 0xBA, 0x12, 0xBF, 0x8D, 0x7D ),
+ BYTES_TO_T_UINT_8( 0xD4, 0xDF, 0x6F, 0xB3, 0x75, 0xA4, 0x55, 0x73 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_30_Y[] = {
+ BYTES_TO_T_UINT_8( 0x6D, 0x17, 0x92, 0x39, 0xB7, 0x13, 0x37, 0x6F ),
+ BYTES_TO_T_UINT_8( 0x5E, 0x43, 0x71, 0xA7, 0xCA, 0x17, 0x1B, 0x32 ),
+ BYTES_TO_T_UINT_8( 0xE7, 0xB9, 0xB0, 0x78, 0xEF, 0xA0, 0xDA, 0x83 ),
+ BYTES_TO_T_UINT_8( 0x9A, 0x84, 0xF2, 0x0F, 0x85, 0xA2, 0xB6, 0x1F ),
+ BYTES_TO_T_UINT_8( 0x72, 0x65, 0x2E, 0x6E, 0x45, 0xB9, 0x4C, 0x3C ),
+ BYTES_TO_T_UINT_8( 0xFE, 0x6A, 0x8C, 0x2B, 0x77, 0x96, 0x36, 0x22 ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_31_X[] = {
+ BYTES_TO_T_UINT_8( 0x68, 0x7A, 0x13, 0x4A, 0x97, 0x63, 0x02, 0x10 ),
+ BYTES_TO_T_UINT_8( 0xBC, 0x1E, 0x06, 0x03, 0x8F, 0xB9, 0xEE, 0x64 ),
+ BYTES_TO_T_UINT_8( 0x68, 0xEE, 0x8B, 0x89, 0xA9, 0x70, 0xDB, 0xCE ),
+ BYTES_TO_T_UINT_8( 0x15, 0x7B, 0x81, 0xC9, 0x70, 0x8D, 0x62, 0x32 ),
+ BYTES_TO_T_UINT_8( 0x75, 0xDA, 0x46, 0xF8, 0xF9, 0x3A, 0xBE, 0x55 ),
+ BYTES_TO_T_UINT_8( 0x9F, 0x9C, 0x7A, 0x97, 0x62, 0xEB, 0xFA, 0x0F ),
+};
+static const mbedtls_mpi_uint brainpoolP384r1_T_31_Y[] = {
+ BYTES_TO_T_UINT_8( 0xB2, 0x03, 0x3D, 0x3C, 0x46, 0x27, 0x9E, 0x65 ),
+ BYTES_TO_T_UINT_8( 0xA4, 0x08, 0x1C, 0xD5, 0x25, 0xAF, 0xE9, 0x40 ),
+ BYTES_TO_T_UINT_8( 0xFE, 0x69, 0xDC, 0x59, 0xF4, 0x8A, 0x7C, 0x1F ),
+ BYTES_TO_T_UINT_8( 0xFC, 0x9A, 0x7A, 0x99, 0x21, 0x0C, 0x4E, 0xE3 ),
+ BYTES_TO_T_UINT_8( 0xF5, 0xCE, 0x85, 0x5F, 0xAC, 0xAA, 0x82, 0x10 ),
+ BYTES_TO_T_UINT_8( 0x83, 0x57, 0x69, 0x90, 0x76, 0xF3, 0x53, 0x3F ),
+};
+static const mbedtls_ecp_point brainpoolP384r1_T[32] = {
+ ECP_POINT_INIT_XY_Z1(brainpoolP384r1_T_0_X, brainpoolP384r1_T_0_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_1_X, brainpoolP384r1_T_1_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_2_X, brainpoolP384r1_T_2_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_3_X, brainpoolP384r1_T_3_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_4_X, brainpoolP384r1_T_4_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_5_X, brainpoolP384r1_T_5_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_6_X, brainpoolP384r1_T_6_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_7_X, brainpoolP384r1_T_7_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_8_X, brainpoolP384r1_T_8_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_9_X, brainpoolP384r1_T_9_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_10_X, brainpoolP384r1_T_10_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_11_X, brainpoolP384r1_T_11_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_12_X, brainpoolP384r1_T_12_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_13_X, brainpoolP384r1_T_13_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_14_X, brainpoolP384r1_T_14_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_15_X, brainpoolP384r1_T_15_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_16_X, brainpoolP384r1_T_16_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_17_X, brainpoolP384r1_T_17_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_18_X, brainpoolP384r1_T_18_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_19_X, brainpoolP384r1_T_19_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_20_X, brainpoolP384r1_T_20_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_21_X, brainpoolP384r1_T_21_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_22_X, brainpoolP384r1_T_22_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_23_X, brainpoolP384r1_T_23_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_24_X, brainpoolP384r1_T_24_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_25_X, brainpoolP384r1_T_25_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_26_X, brainpoolP384r1_T_26_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_27_X, brainpoolP384r1_T_27_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_28_X, brainpoolP384r1_T_28_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_29_X, brainpoolP384r1_T_29_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_30_X, brainpoolP384r1_T_30_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP384r1_T_31_X, brainpoolP384r1_T_31_Y),
+};
+#else
+#define brainpoolP384r1_T NULL
+#endif
+
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
/*
@@ -551,22 +3864,686 @@
BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
};
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
- defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-/* For these curves, we build the group parameters dynamically. */
-#define ECP_LOAD_GROUP
+#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
+static const mbedtls_mpi_uint brainpoolP512r1_T_0_X[] = {
+ BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ),
+ BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ),
+ BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ),
+ BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ),
+ BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ),
+ BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ),
+ BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ),
+ BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_0_Y[] = {
+ BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ),
+ BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ),
+ BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ),
+ BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ),
+ BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ),
+ BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ),
+ BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ),
+ BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_1_X[] = {
+ BYTES_TO_T_UINT_8( 0xEA, 0xE9, 0x6B, 0x8C, 0x6F, 0x9D, 0x88, 0x43 ),
+ BYTES_TO_T_UINT_8( 0xBB, 0x4F, 0x86, 0x96, 0xA7, 0x56, 0xD1, 0x37 ),
+ BYTES_TO_T_UINT_8( 0x9D, 0xAB, 0xFA, 0xEE, 0xA7, 0xF5, 0x0E, 0xA6 ),
+ BYTES_TO_T_UINT_8( 0xE3, 0x40, 0xEF, 0x9E, 0x6D, 0xD6, 0x32, 0x33 ),
+ BYTES_TO_T_UINT_8( 0xE3, 0xED, 0x56, 0x14, 0x57, 0x1A, 0x8D, 0x69 ),
+ BYTES_TO_T_UINT_8( 0xA4, 0xED, 0x4D, 0x3A, 0xFA, 0x71, 0x75, 0x6B ),
+ BYTES_TO_T_UINT_8( 0x66, 0xC5, 0x76, 0x1C, 0x14, 0xBE, 0xB5, 0xCD ),
+ BYTES_TO_T_UINT_8( 0xE1, 0x5A, 0xCB, 0xE7, 0x36, 0x1D, 0x52, 0x1C ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_1_Y[] = {
+ BYTES_TO_T_UINT_8( 0x6B, 0x8D, 0x7A, 0xEB, 0xA3, 0x8B, 0xD5, 0xB0 ),
+ BYTES_TO_T_UINT_8( 0x1F, 0xA3, 0x41, 0xF8, 0xAC, 0x9E, 0xAB, 0x74 ),
+ BYTES_TO_T_UINT_8( 0x12, 0xE3, 0x65, 0x0D, 0x1C, 0xFE, 0x09, 0x2B ),
+ BYTES_TO_T_UINT_8( 0x3F, 0xCA, 0x13, 0x3F, 0xC5, 0xF9, 0x7E, 0xEC ),
+ BYTES_TO_T_UINT_8( 0x2C, 0x5D, 0x63, 0x28, 0xA6, 0x89, 0xD3, 0x91 ),
+ BYTES_TO_T_UINT_8( 0xC9, 0x95, 0x3F, 0x7A, 0x82, 0xD4, 0x77, 0xE3 ),
+ BYTES_TO_T_UINT_8( 0x34, 0xBB, 0x92, 0x32, 0x00, 0xF4, 0x66, 0x42 ),
+ BYTES_TO_T_UINT_8( 0xBA, 0x58, 0x31, 0xD1, 0x17, 0x9F, 0x2A, 0x22 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_2_X[] = {
+ BYTES_TO_T_UINT_8( 0x52, 0x36, 0xA9, 0xCD, 0x80, 0xA5, 0x2D, 0x78 ),
+ BYTES_TO_T_UINT_8( 0x91, 0x44, 0xAB, 0xCE, 0x71, 0xFF, 0x0C, 0x9B ),
+ BYTES_TO_T_UINT_8( 0x18, 0x24, 0x58, 0x35, 0x5A, 0x21, 0x32, 0x93 ),
+ BYTES_TO_T_UINT_8( 0x1B, 0xA6, 0x28, 0xF8, 0x7A, 0x97, 0xAE, 0x8B ),
+ BYTES_TO_T_UINT_8( 0x84, 0xE7, 0x08, 0xFA, 0x47, 0xC9, 0x55, 0x09 ),
+ BYTES_TO_T_UINT_8( 0x8D, 0xAC, 0x2E, 0x84, 0xA4, 0xF5, 0x52, 0xC4 ),
+ BYTES_TO_T_UINT_8( 0xD9, 0x58, 0x05, 0x9D, 0xA7, 0xC8, 0x71, 0xBF ),
+ BYTES_TO_T_UINT_8( 0xB3, 0x92, 0xB4, 0x92, 0xC1, 0x92, 0xEC, 0x6B ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_2_Y[] = {
+ BYTES_TO_T_UINT_8( 0x4A, 0x48, 0x2D, 0x79, 0x5E, 0x58, 0xE5, 0x69 ),
+ BYTES_TO_T_UINT_8( 0xB4, 0x85, 0x26, 0xEC, 0xE9, 0x6E, 0xD4, 0x06 ),
+ BYTES_TO_T_UINT_8( 0x98, 0x68, 0x26, 0x87, 0x38, 0xA2, 0xD2, 0x0B ),
+ BYTES_TO_T_UINT_8( 0xF7, 0x17, 0x60, 0xCE, 0x75, 0xF8, 0xA5, 0x6F ),
+ BYTES_TO_T_UINT_8( 0x20, 0x51, 0xDB, 0xA9, 0xAE, 0x87, 0xF1, 0x15 ),
+ BYTES_TO_T_UINT_8( 0xDD, 0x49, 0x92, 0x3B, 0x19, 0x96, 0xF5, 0xB0 ),
+ BYTES_TO_T_UINT_8( 0xC4, 0xD5, 0x52, 0x52, 0x8C, 0xCE, 0xFD, 0xFA ),
+ BYTES_TO_T_UINT_8( 0x24, 0x18, 0x0A, 0xE6, 0xF6, 0xAE, 0x08, 0x41 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_3_X[] = {
+ BYTES_TO_T_UINT_8( 0x7E, 0x2B, 0xD8, 0x54, 0xCE, 0xB0, 0x57, 0xFE ),
+ BYTES_TO_T_UINT_8( 0x8A, 0xB0, 0xF8, 0x9E, 0x03, 0x03, 0x3C, 0x5D ),
+ BYTES_TO_T_UINT_8( 0x93, 0x0E, 0x29, 0x29, 0x00, 0xF3, 0x70, 0xBF ),
+ BYTES_TO_T_UINT_8( 0x54, 0x33, 0x99, 0x0E, 0x00, 0x5D, 0xFE, 0x4B ),
+ BYTES_TO_T_UINT_8( 0x46, 0x2D, 0xF2, 0x59, 0x32, 0xCF, 0x03, 0xF4 ),
+ BYTES_TO_T_UINT_8( 0x3B, 0xC9, 0x72, 0xAE, 0x0C, 0xEF, 0xD1, 0x5B ),
+ BYTES_TO_T_UINT_8( 0xB6, 0x5A, 0x27, 0xBF, 0x2F, 0x45, 0xF9, 0x51 ),
+ BYTES_TO_T_UINT_8( 0xD4, 0xBE, 0xE5, 0x2C, 0xFF, 0x5B, 0x1E, 0x88 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_3_Y[] = {
+ BYTES_TO_T_UINT_8( 0xAA, 0xAC, 0xBB, 0xD8, 0x83, 0xC2, 0x46, 0xF6 ),
+ BYTES_TO_T_UINT_8( 0xCF, 0xDC, 0xCE, 0x15, 0xB4, 0xEF, 0xCF, 0x46 ),
+ BYTES_TO_T_UINT_8( 0x46, 0xDB, 0x5E, 0x94, 0x31, 0x0B, 0xB2, 0x7A ),
+ BYTES_TO_T_UINT_8( 0x3C, 0xB9, 0xE3, 0xE3, 0x11, 0x71, 0x41, 0x1E ),
+ BYTES_TO_T_UINT_8( 0x36, 0xE3, 0x01, 0xB7, 0x7D, 0xBC, 0x65, 0xBE ),
+ BYTES_TO_T_UINT_8( 0xFC, 0x07, 0x65, 0x87, 0xA7, 0xE8, 0x48, 0xE3 ),
+ BYTES_TO_T_UINT_8( 0x66, 0x48, 0x8F, 0xD4, 0x30, 0x8E, 0xB4, 0x6C ),
+ BYTES_TO_T_UINT_8( 0x86, 0xE0, 0x73, 0xBE, 0x1E, 0xBF, 0x56, 0x36 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_4_X[] = {
+ BYTES_TO_T_UINT_8( 0xFE, 0x0E, 0x5E, 0x87, 0xC5, 0xAB, 0x0E, 0x3C ),
+ BYTES_TO_T_UINT_8( 0xB9, 0xF9, 0x5F, 0x80, 0x24, 0x4C, 0x2A, 0xF1 ),
+ BYTES_TO_T_UINT_8( 0xDE, 0x15, 0x21, 0x54, 0x92, 0x84, 0x8D, 0x6A ),
+ BYTES_TO_T_UINT_8( 0xA8, 0x8A, 0x47, 0x74, 0xDC, 0x42, 0xB1, 0xF8 ),
+ BYTES_TO_T_UINT_8( 0x81, 0xF7, 0x30, 0xFD, 0xC1, 0x9B, 0x0C, 0x5B ),
+ BYTES_TO_T_UINT_8( 0x4E, 0x6C, 0xCC, 0xDF, 0xC5, 0xE3, 0xA9, 0xD5 ),
+ BYTES_TO_T_UINT_8( 0xD6, 0x67, 0x59, 0x10, 0x5C, 0x51, 0x54, 0x40 ),
+ BYTES_TO_T_UINT_8( 0xA0, 0x37, 0xFB, 0x6E, 0xB0, 0x78, 0x63, 0x8E ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_4_Y[] = {
+ BYTES_TO_T_UINT_8( 0xA5, 0xEF, 0xC4, 0x39, 0x20, 0xF1, 0x46, 0x66 ),
+ BYTES_TO_T_UINT_8( 0xE2, 0x62, 0xAE, 0xFF, 0x10, 0xE4, 0xE2, 0xE9 ),
+ BYTES_TO_T_UINT_8( 0xFF, 0x5C, 0xF5, 0x2E, 0x22, 0x89, 0xE5, 0x82 ),
+ BYTES_TO_T_UINT_8( 0x89, 0x0C, 0x29, 0xA8, 0x62, 0xAE, 0xDB, 0x65 ),
+ BYTES_TO_T_UINT_8( 0xD7, 0x9E, 0x0F, 0xCA, 0x87, 0x2A, 0x6F, 0x7B ),
+ BYTES_TO_T_UINT_8( 0xCE, 0xDC, 0x9B, 0x9F, 0x65, 0xD4, 0xAD, 0x27 ),
+ BYTES_TO_T_UINT_8( 0xED, 0xC3, 0x08, 0x0F, 0xCF, 0x67, 0xE9, 0xF4 ),
+ BYTES_TO_T_UINT_8( 0x92, 0x5C, 0xD7, 0xFF, 0x41, 0x9C, 0xCB, 0x26 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_5_X[] = {
+ BYTES_TO_T_UINT_8( 0x37, 0x25, 0x05, 0x12, 0xAD, 0x73, 0x63, 0x90 ),
+ BYTES_TO_T_UINT_8( 0xC7, 0x99, 0x07, 0x86, 0x57, 0xE7, 0x94, 0xB1 ),
+ BYTES_TO_T_UINT_8( 0x00, 0x4B, 0xA5, 0xBF, 0x18, 0xA9, 0xEF, 0x6A ),
+ BYTES_TO_T_UINT_8( 0xFA, 0x4C, 0xC4, 0x09, 0xF2, 0x2F, 0x0C, 0xAA ),
+ BYTES_TO_T_UINT_8( 0x8C, 0x3A, 0x04, 0xEA, 0x89, 0x6C, 0x91, 0xB9 ),
+ BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0x3A, 0xE7, 0xA3, 0xEC, 0x24, 0x7B ),
+ BYTES_TO_T_UINT_8( 0x16, 0xA1, 0x26, 0x21, 0x04, 0xE3, 0xB9, 0x40 ),
+ BYTES_TO_T_UINT_8( 0x53, 0x71, 0x4B, 0x7B, 0xC2, 0x89, 0xCD, 0xA2 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_5_Y[] = {
+ BYTES_TO_T_UINT_8( 0xB7, 0xB9, 0xA8, 0x9D, 0xFD, 0x00, 0x3A, 0x1F ),
+ BYTES_TO_T_UINT_8( 0x63, 0x41, 0x6C, 0xBB, 0x5A, 0xCA, 0x1F, 0x74 ),
+ BYTES_TO_T_UINT_8( 0x2A, 0xD7, 0xE2, 0x6C, 0x6B, 0xA7, 0x48, 0xC9 ),
+ BYTES_TO_T_UINT_8( 0x1E, 0x19, 0xAD, 0xA7, 0xC1, 0x7E, 0x4F, 0x6E ),
+ BYTES_TO_T_UINT_8( 0xD1, 0xF7, 0x19, 0x3C, 0x06, 0x74, 0x2C, 0x3A ),
+ BYTES_TO_T_UINT_8( 0xC5, 0x23, 0x4F, 0x0C, 0x09, 0xB0, 0x80, 0x4A ),
+ BYTES_TO_T_UINT_8( 0x4E, 0x74, 0x34, 0x08, 0x44, 0x7E, 0xA3, 0xDD ),
+ BYTES_TO_T_UINT_8( 0xFB, 0xCC, 0x8D, 0x12, 0x6E, 0xE1, 0x3D, 0x0B ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_6_X[] = {
+ BYTES_TO_T_UINT_8( 0x38, 0x18, 0xB1, 0x71, 0x02, 0x93, 0xC2, 0xA4 ),
+ BYTES_TO_T_UINT_8( 0xC9, 0x89, 0x40, 0xE2, 0x1F, 0xE7, 0x5E, 0x68 ),
+ BYTES_TO_T_UINT_8( 0x50, 0x8E, 0xAE, 0x89, 0x01, 0xD4, 0x0C, 0xEB ),
+ BYTES_TO_T_UINT_8( 0xAE, 0xDA, 0x58, 0x70, 0x24, 0xF2, 0xE4, 0x5F ),
+ BYTES_TO_T_UINT_8( 0x6F, 0xC7, 0x1D, 0xD6, 0x4A, 0x6F, 0x66, 0x4F ),
+ BYTES_TO_T_UINT_8( 0x92, 0x1D, 0x7E, 0x4A, 0x2C, 0xCA, 0xEC, 0x3B ),
+ BYTES_TO_T_UINT_8( 0xA1, 0x06, 0x7F, 0xA8, 0x99, 0xE4, 0xD3, 0x4E ),
+ BYTES_TO_T_UINT_8( 0x2A, 0x1D, 0x5A, 0xDF, 0x5E, 0x58, 0x36, 0x49 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_6_Y[] = {
+ BYTES_TO_T_UINT_8( 0x9C, 0xB9, 0x32, 0x69, 0x1F, 0x72, 0x2A, 0xB3 ),
+ BYTES_TO_T_UINT_8( 0x1C, 0x73, 0xE2, 0x03, 0x39, 0x35, 0xAA, 0xA8 ),
+ BYTES_TO_T_UINT_8( 0xEB, 0x5E, 0x5D, 0x48, 0xEF, 0xAE, 0x30, 0xF5 ),
+ BYTES_TO_T_UINT_8( 0x77, 0x7F, 0x60, 0x19, 0xAF, 0xEC, 0x9D, 0xFC ),
+ BYTES_TO_T_UINT_8( 0xCA, 0xD9, 0x19, 0xE4, 0x1B, 0x56, 0x15, 0x5F ),
+ BYTES_TO_T_UINT_8( 0xBC, 0xD7, 0x33, 0x59, 0x1F, 0x43, 0x59, 0x2C ),
+ BYTES_TO_T_UINT_8( 0xC6, 0xCE, 0xEE, 0xCA, 0xA4, 0x7F, 0x63, 0xD4 ),
+ BYTES_TO_T_UINT_8( 0xBD, 0x40, 0xC0, 0xF6, 0x19, 0x89, 0x43, 0x20 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_7_X[] = {
+ BYTES_TO_T_UINT_8( 0xEB, 0x92, 0xEA, 0x07, 0x65, 0x79, 0x86, 0xD3 ),
+ BYTES_TO_T_UINT_8( 0xFF, 0xB7, 0x13, 0x75, 0xD3, 0xC5, 0x0A, 0xC9 ),
+ BYTES_TO_T_UINT_8( 0x26, 0x9E, 0xFA, 0xE1, 0x1F, 0x0C, 0xF9, 0x74 ),
+ BYTES_TO_T_UINT_8( 0xB4, 0x8C, 0xED, 0x5C, 0x21, 0xE9, 0x09, 0xDD ),
+ BYTES_TO_T_UINT_8( 0xF4, 0x4D, 0xD8, 0x18, 0xC4, 0xF6, 0x36, 0x39 ),
+ BYTES_TO_T_UINT_8( 0xC7, 0xC9, 0xAC, 0x5C, 0xFA, 0x69, 0xA4, 0xA0 ),
+ BYTES_TO_T_UINT_8( 0x6B, 0x8C, 0x94, 0x1C, 0x7B, 0x71, 0x36, 0x58 ),
+ BYTES_TO_T_UINT_8( 0x7C, 0xBD, 0x46, 0xCE, 0xB7, 0x1D, 0x9C, 0x5E ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_7_Y[] = {
+ BYTES_TO_T_UINT_8( 0xEA, 0xD6, 0x96, 0x4B, 0xA6, 0x47, 0xEB, 0xE5 ),
+ BYTES_TO_T_UINT_8( 0x5F, 0xF1, 0x5F, 0x15, 0xDE, 0x99, 0x6F, 0x66 ),
+ BYTES_TO_T_UINT_8( 0x21, 0xBD, 0xE5, 0x04, 0xB8, 0xE6, 0xC0, 0x0B ),
+ BYTES_TO_T_UINT_8( 0x49, 0xD3, 0xF0, 0x04, 0x00, 0xE4, 0x05, 0xDB ),
+ BYTES_TO_T_UINT_8( 0x96, 0xF3, 0x06, 0xA3, 0x1A, 0xFF, 0xEA, 0x73 ),
+ BYTES_TO_T_UINT_8( 0x08, 0x32, 0xAA, 0x99, 0x33, 0x09, 0xB6, 0x34 ),
+ BYTES_TO_T_UINT_8( 0x6E, 0xEF, 0xFC, 0x61, 0x10, 0x42, 0x31, 0x94 ),
+ BYTES_TO_T_UINT_8( 0x34, 0xF1, 0xF4, 0x33, 0xCF, 0x28, 0x90, 0x9C ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_8_X[] = {
+ BYTES_TO_T_UINT_8( 0x10, 0xDE, 0xF9, 0x88, 0x87, 0x7B, 0xEB, 0xC9 ),
+ BYTES_TO_T_UINT_8( 0x66, 0xB8, 0xDA, 0xFA, 0xDA, 0x3D, 0xA6, 0x17 ),
+ BYTES_TO_T_UINT_8( 0xA0, 0xF0, 0x62, 0x82, 0x53, 0x32, 0x55, 0x03 ),
+ BYTES_TO_T_UINT_8( 0x2F, 0xA5, 0x32, 0x4A, 0x19, 0x11, 0x9C, 0x10 ),
+ BYTES_TO_T_UINT_8( 0x16, 0xB3, 0x27, 0xE9, 0x75, 0x90, 0x05, 0x2D ),
+ BYTES_TO_T_UINT_8( 0x63, 0x1C, 0x90, 0x48, 0x77, 0x01, 0x85, 0x1B ),
+ BYTES_TO_T_UINT_8( 0xC7, 0xD6, 0x9B, 0x84, 0xA8, 0xD7, 0xC5, 0x28 ),
+ BYTES_TO_T_UINT_8( 0xE1, 0x7A, 0xCB, 0xB3, 0x11, 0x46, 0xD7, 0x99 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_8_Y[] = {
+ BYTES_TO_T_UINT_8( 0x8B, 0x23, 0xBF, 0x75, 0x75, 0xA1, 0x95, 0x90 ),
+ BYTES_TO_T_UINT_8( 0x4B, 0x66, 0x5D, 0x34, 0x13, 0xA9, 0x03, 0xBE ),
+ BYTES_TO_T_UINT_8( 0x29, 0x80, 0x9D, 0x5F, 0xD2, 0x44, 0xE1, 0x62 ),
+ BYTES_TO_T_UINT_8( 0x96, 0x5D, 0xBD, 0xA8, 0xBF, 0xB4, 0x25, 0x1F ),
+ BYTES_TO_T_UINT_8( 0x6A, 0x99, 0x1F, 0x53, 0xF1, 0x57, 0xDB, 0xE7 ),
+ BYTES_TO_T_UINT_8( 0x21, 0x7C, 0xE5, 0xC5, 0x51, 0x0B, 0x4C, 0x9B ),
+ BYTES_TO_T_UINT_8( 0x6B, 0xB0, 0x1A, 0x9C, 0x16, 0xB0, 0x32, 0x1F ),
+ BYTES_TO_T_UINT_8( 0xF4, 0xE3, 0xCF, 0xDD, 0x48, 0xB4, 0x7B, 0x33 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_9_X[] = {
+ BYTES_TO_T_UINT_8( 0xC0, 0xDD, 0x9E, 0x3C, 0x98, 0x0E, 0x77, 0x65 ),
+ BYTES_TO_T_UINT_8( 0x6C, 0xAB, 0x01, 0xD3, 0x87, 0x74, 0x25, 0x4A ),
+ BYTES_TO_T_UINT_8( 0x87, 0xA3, 0xE3, 0x76, 0x43, 0x87, 0x12, 0xBD ),
+ BYTES_TO_T_UINT_8( 0x54, 0xB1, 0x3B, 0x60, 0x66, 0xEB, 0x98, 0x54 ),
+ BYTES_TO_T_UINT_8( 0xD2, 0x78, 0xC8, 0xD7, 0x4E, 0x75, 0xCA, 0x69 ),
+ BYTES_TO_T_UINT_8( 0x07, 0xDF, 0x71, 0x19, 0xE7, 0x07, 0x36, 0xB5 ),
+ BYTES_TO_T_UINT_8( 0x6D, 0xC9, 0xA8, 0x5F, 0x91, 0xBF, 0x47, 0xB2 ),
+ BYTES_TO_T_UINT_8( 0x80, 0x96, 0x58, 0x96, 0x18, 0xB6, 0xFA, 0x01 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_9_Y[] = {
+ BYTES_TO_T_UINT_8( 0xD0, 0x2D, 0xA9, 0x9B, 0x86, 0xDB, 0x0C, 0x4C ),
+ BYTES_TO_T_UINT_8( 0xE4, 0x0B, 0x2D, 0x56, 0x4A, 0xD3, 0x93, 0x8A ),
+ BYTES_TO_T_UINT_8( 0xB5, 0x15, 0xE2, 0x65, 0x12, 0x86, 0x0E, 0xB2 ),
+ BYTES_TO_T_UINT_8( 0xB4, 0x41, 0x4D, 0xC1, 0xCB, 0xE4, 0xC3, 0xD7 ),
+ BYTES_TO_T_UINT_8( 0x6A, 0x53, 0x10, 0xCA, 0xA3, 0xAC, 0x83, 0x26 ),
+ BYTES_TO_T_UINT_8( 0x3E, 0x01, 0x22, 0x96, 0x10, 0xAD, 0x69, 0xDB ),
+ BYTES_TO_T_UINT_8( 0x42, 0x46, 0x4E, 0xD8, 0xEA, 0xD6, 0x9D, 0xF3 ),
+ BYTES_TO_T_UINT_8( 0x43, 0x2F, 0x7F, 0x62, 0x62, 0x80, 0xD0, 0x14 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_10_X[] = {
+ BYTES_TO_T_UINT_8( 0xB2, 0xDA, 0x00, 0x63, 0x09, 0xBD, 0x6A, 0x83 ),
+ BYTES_TO_T_UINT_8( 0x0F, 0xD4, 0x6E, 0x48, 0x05, 0xB7, 0xF7, 0x17 ),
+ BYTES_TO_T_UINT_8( 0x14, 0x4D, 0xD7, 0x00, 0x4A, 0x15, 0x27, 0x7A ),
+ BYTES_TO_T_UINT_8( 0x3A, 0x15, 0xAA, 0x37, 0x27, 0x34, 0x18, 0x24 ),
+ BYTES_TO_T_UINT_8( 0x3A, 0x20, 0x2C, 0x84, 0x1B, 0x88, 0xBA, 0x05 ),
+ BYTES_TO_T_UINT_8( 0xAC, 0x09, 0xD6, 0x04, 0xA2, 0x60, 0x84, 0x72 ),
+ BYTES_TO_T_UINT_8( 0xC8, 0x04, 0x94, 0x08, 0xD4, 0xED, 0x47, 0xDB ),
+ BYTES_TO_T_UINT_8( 0x8B, 0xF3, 0xE4, 0x3E, 0xB9, 0x5B, 0x35, 0x42 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_10_Y[] = {
+ BYTES_TO_T_UINT_8( 0x5F, 0xD8, 0xB6, 0x80, 0xD6, 0xF1, 0x30, 0xDD ),
+ BYTES_TO_T_UINT_8( 0xD6, 0x14, 0xA6, 0x85, 0xEE, 0xA7, 0xD8, 0x61 ),
+ BYTES_TO_T_UINT_8( 0xE4, 0x49, 0x2A, 0x1E, 0x7C, 0xE9, 0x2D, 0xEC ),
+ BYTES_TO_T_UINT_8( 0x3A, 0x87, 0x56, 0x91, 0x03, 0x77, 0x4D, 0x55 ),
+ BYTES_TO_T_UINT_8( 0x0E, 0x52, 0xD4, 0xAA, 0xF7, 0xFA, 0xB0, 0xC5 ),
+ BYTES_TO_T_UINT_8( 0x04, 0x5D, 0x11, 0x39, 0xB1, 0xE7, 0x76, 0xAD ),
+ BYTES_TO_T_UINT_8( 0xD6, 0x13, 0xBC, 0x37, 0x5D, 0x74, 0xCD, 0xC2 ),
+ BYTES_TO_T_UINT_8( 0xC9, 0x48, 0x14, 0x23, 0x30, 0xF8, 0x46, 0x37 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_11_X[] = {
+ BYTES_TO_T_UINT_8( 0xAC, 0x27, 0xB0, 0xD9, 0xB2, 0x74, 0xB4, 0xC0 ),
+ BYTES_TO_T_UINT_8( 0xEA, 0xA6, 0xB9, 0x6F, 0x9F, 0x64, 0x36, 0x92 ),
+ BYTES_TO_T_UINT_8( 0x2E, 0x2B, 0x78, 0x40, 0x05, 0x2B, 0x7B, 0xA9 ),
+ BYTES_TO_T_UINT_8( 0xB3, 0x68, 0x3A, 0xB6, 0x4A, 0xE2, 0xDB, 0xB8 ),
+ BYTES_TO_T_UINT_8( 0x1E, 0x33, 0xD7, 0x34, 0x8B, 0x25, 0x45, 0xEF ),
+ BYTES_TO_T_UINT_8( 0x89, 0xCE, 0xA8, 0xC9, 0x01, 0xFB, 0x0E, 0x7B ),
+ BYTES_TO_T_UINT_8( 0xE2, 0xF9, 0x51, 0x4C, 0x12, 0x9F, 0x60, 0xE4 ),
+ BYTES_TO_T_UINT_8( 0x67, 0x85, 0xBD, 0x30, 0x37, 0x84, 0x39, 0x44 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_11_Y[] = {
+ BYTES_TO_T_UINT_8( 0x26, 0x33, 0xAF, 0x2E, 0xB8, 0x2E, 0xCC, 0x3C ),
+ BYTES_TO_T_UINT_8( 0xA4, 0xB1, 0x73, 0x59, 0x4E, 0x0C, 0x09, 0x4A ),
+ BYTES_TO_T_UINT_8( 0x8A, 0x24, 0x89, 0x81, 0x12, 0xFF, 0xBB, 0x6E ),
+ BYTES_TO_T_UINT_8( 0x71, 0x37, 0x1A, 0x66, 0xEE, 0xED, 0xB6, 0x9B ),
+ BYTES_TO_T_UINT_8( 0x16, 0xBD, 0x04, 0x20, 0x5D, 0xFB, 0xBF, 0x95 ),
+ BYTES_TO_T_UINT_8( 0xA0, 0xF8, 0x34, 0xA3, 0xFF, 0x45, 0xDE, 0x92 ),
+ BYTES_TO_T_UINT_8( 0x9B, 0x18, 0x73, 0xF1, 0x32, 0x25, 0x58, 0xEB ),
+ BYTES_TO_T_UINT_8( 0x63, 0xC1, 0x14, 0xE3, 0x9E, 0x40, 0x0F, 0x12 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_12_X[] = {
+ BYTES_TO_T_UINT_8( 0x61, 0x07, 0x9D, 0x9C, 0x00, 0xF7, 0x56, 0x19 ),
+ BYTES_TO_T_UINT_8( 0xFB, 0xBA, 0x87, 0xF9, 0x15, 0x0C, 0x66, 0x5D ),
+ BYTES_TO_T_UINT_8( 0x7E, 0x1F, 0xC1, 0x28, 0xB0, 0x47, 0x0D, 0xF5 ),
+ BYTES_TO_T_UINT_8( 0x96, 0xCA, 0x27, 0xEE, 0x4B, 0x23, 0x2B, 0x89 ),
+ BYTES_TO_T_UINT_8( 0x7E, 0xB5, 0x68, 0xC8, 0x17, 0x5D, 0xC3, 0xAA ),
+ BYTES_TO_T_UINT_8( 0x17, 0x02, 0x08, 0xEE, 0x20, 0x9D, 0xEA, 0x64 ),
+ BYTES_TO_T_UINT_8( 0xA7, 0x14, 0x50, 0xD4, 0x7D, 0x5F, 0xCF, 0xA0 ),
+ BYTES_TO_T_UINT_8( 0xD5, 0xFA, 0xF8, 0xA7, 0xC6, 0xDC, 0x14, 0x8C ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_12_Y[] = {
+ BYTES_TO_T_UINT_8( 0x76, 0xBD, 0x0A, 0x1A, 0x18, 0x98, 0xDC, 0xB0 ),
+ BYTES_TO_T_UINT_8( 0x63, 0x63, 0x02, 0xB7, 0xD5, 0x5B, 0x5A, 0xC6 ),
+ BYTES_TO_T_UINT_8( 0x51, 0xB1, 0xD7, 0x4B, 0x15, 0x39, 0x61, 0x5D ),
+ BYTES_TO_T_UINT_8( 0x5C, 0x32, 0xE1, 0x9E, 0x70, 0x1B, 0xCE, 0x51 ),
+ BYTES_TO_T_UINT_8( 0x64, 0xD8, 0x18, 0x83, 0x52, 0x9B, 0x6D, 0xA2 ),
+ BYTES_TO_T_UINT_8( 0xA4, 0x55, 0x56, 0x19, 0x34, 0xA4, 0xEA, 0xFC ),
+ BYTES_TO_T_UINT_8( 0x30, 0xA9, 0x55, 0x80, 0xE3, 0x15, 0x36, 0x8B ),
+ BYTES_TO_T_UINT_8( 0xBB, 0x06, 0xC8, 0x1D, 0x17, 0x0D, 0xAD, 0x16 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_13_X[] = {
+ BYTES_TO_T_UINT_8( 0x20, 0xD6, 0xF0, 0xCC, 0xF3, 0x63, 0x53, 0xD2 ),
+ BYTES_TO_T_UINT_8( 0x27, 0x5A, 0xDC, 0x46, 0xBD, 0x0D, 0xAD, 0x96 ),
+ BYTES_TO_T_UINT_8( 0x21, 0x2F, 0x11, 0x60, 0x15, 0x51, 0x4A, 0xEA ),
+ BYTES_TO_T_UINT_8( 0x33, 0xE3, 0x93, 0x38, 0xD5, 0x83, 0xAA, 0x0D ),
+ BYTES_TO_T_UINT_8( 0x90, 0xA6, 0xCC, 0xB1, 0xFD, 0xBB, 0x1A, 0x0F ),
+ BYTES_TO_T_UINT_8( 0x3B, 0x54, 0xC8, 0x54, 0x6F, 0x79, 0x1A, 0x59 ),
+ BYTES_TO_T_UINT_8( 0x3F, 0x4A, 0xDA, 0x28, 0x92, 0x97, 0x9D, 0x7F ),
+ BYTES_TO_T_UINT_8( 0xD6, 0x4B, 0xDB, 0xC7, 0x52, 0xC5, 0x66, 0x34 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_13_Y[] = {
+ BYTES_TO_T_UINT_8( 0x05, 0x7E, 0x92, 0x53, 0x30, 0x93, 0xFD, 0xFF ),
+ BYTES_TO_T_UINT_8( 0xA0, 0x16, 0x6A, 0xB1, 0x91, 0x0A, 0xB4, 0x52 ),
+ BYTES_TO_T_UINT_8( 0x6D, 0x9D, 0x40, 0x3F, 0xE3, 0xF1, 0x01, 0x46 ),
+ BYTES_TO_T_UINT_8( 0x13, 0x0E, 0xD8, 0xED, 0x11, 0x8E, 0x4C, 0xED ),
+ BYTES_TO_T_UINT_8( 0x86, 0x4A, 0x1B, 0x88, 0xDF, 0x8D, 0x29, 0xE7 ),
+ BYTES_TO_T_UINT_8( 0x97, 0x23, 0x21, 0x11, 0xAB, 0x77, 0x81, 0x62 ),
+ BYTES_TO_T_UINT_8( 0x0B, 0xAF, 0x11, 0xFA, 0xBA, 0x40, 0x63, 0xE7 ),
+ BYTES_TO_T_UINT_8( 0x2B, 0x6F, 0x8D, 0x80, 0xDF, 0x67, 0xF5, 0x44 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_14_X[] = {
+ BYTES_TO_T_UINT_8( 0xB2, 0x8B, 0xB7, 0x08, 0xF4, 0xD7, 0x2D, 0xA8 ),
+ BYTES_TO_T_UINT_8( 0xC7, 0x2B, 0x30, 0x02, 0x45, 0x71, 0x08, 0x49 ),
+ BYTES_TO_T_UINT_8( 0x97, 0x3A, 0xCA, 0x50, 0xF6, 0xC2, 0x19, 0x8C ),
+ BYTES_TO_T_UINT_8( 0x17, 0xB9, 0x9B, 0x3E, 0x73, 0x95, 0x1D, 0x49 ),
+ BYTES_TO_T_UINT_8( 0xB6, 0x60, 0x59, 0x48, 0xCB, 0xD8, 0xD6, 0xAA ),
+ BYTES_TO_T_UINT_8( 0xF0, 0xB9, 0x6C, 0x89, 0xAB, 0x99, 0xA8, 0xF8 ),
+ BYTES_TO_T_UINT_8( 0xEF, 0xA1, 0x8B, 0x4E, 0x06, 0x19, 0xEC, 0x99 ),
+ BYTES_TO_T_UINT_8( 0x70, 0x95, 0x04, 0xCF, 0xD5, 0x94, 0xB3, 0x02 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_14_Y[] = {
+ BYTES_TO_T_UINT_8( 0x29, 0x35, 0x93, 0x7C, 0xB3, 0xB8, 0x9E, 0x1B ),
+ BYTES_TO_T_UINT_8( 0xC4, 0x45, 0x5C, 0x7E, 0xBF, 0x75, 0x81, 0x0F ),
+ BYTES_TO_T_UINT_8( 0xDC, 0xE8, 0x24, 0xDF, 0xEC, 0x2F, 0x7D, 0xB9 ),
+ BYTES_TO_T_UINT_8( 0xF2, 0x8B, 0xD5, 0x6A, 0x9B, 0xA0, 0xE0, 0x4F ),
+ BYTES_TO_T_UINT_8( 0x32, 0xE3, 0x27, 0x82, 0xDE, 0xDD, 0xCA, 0x4B ),
+ BYTES_TO_T_UINT_8( 0xA7, 0x57, 0x56, 0x46, 0x05, 0x06, 0x01, 0x2E ),
+ BYTES_TO_T_UINT_8( 0x74, 0x35, 0xA7, 0x47, 0xE2, 0x6B, 0x2C, 0x4F ),
+ BYTES_TO_T_UINT_8( 0x38, 0x9D, 0x4C, 0xEC, 0x1F, 0x11, 0x75, 0x2B ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_15_X[] = {
+ BYTES_TO_T_UINT_8( 0xAC, 0xAA, 0x41, 0xC1, 0xE9, 0x0E, 0xE9, 0xAA ),
+ BYTES_TO_T_UINT_8( 0x0A, 0xCF, 0x9C, 0x4B, 0xE8, 0xED, 0x0A, 0x49 ),
+ BYTES_TO_T_UINT_8( 0x3D, 0x73, 0xCA, 0x0C, 0x46, 0x0A, 0x9C, 0xE4 ),
+ BYTES_TO_T_UINT_8( 0x99, 0xE1, 0x9E, 0xBC, 0xFE, 0x44, 0x63, 0x6D ),
+ BYTES_TO_T_UINT_8( 0x31, 0x43, 0x71, 0xEE, 0xF8, 0xC1, 0x8C, 0x5C ),
+ BYTES_TO_T_UINT_8( 0x6A, 0x4B, 0xF0, 0x69, 0x25, 0xBD, 0x71, 0x1A ),
+ BYTES_TO_T_UINT_8( 0xFD, 0x9A, 0xFE, 0x82, 0xE7, 0xC1, 0xC1, 0xEE ),
+ BYTES_TO_T_UINT_8( 0xFC, 0x5A, 0x6E, 0x5E, 0x97, 0x6A, 0x35, 0x8D ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_15_Y[] = {
+ BYTES_TO_T_UINT_8( 0xA2, 0x18, 0x6C, 0x7E, 0xB8, 0x9E, 0x57, 0x32 ),
+ BYTES_TO_T_UINT_8( 0x35, 0xB9, 0xC1, 0xD0, 0xFE, 0x78, 0xFB, 0x32 ),
+ BYTES_TO_T_UINT_8( 0x7C, 0x08, 0xAE, 0x46, 0x34, 0xEA, 0x7A, 0x7F ),
+ BYTES_TO_T_UINT_8( 0xE8, 0x1C, 0x56, 0xA9, 0x18, 0x37, 0xD4, 0x9E ),
+ BYTES_TO_T_UINT_8( 0x28, 0x63, 0xE9, 0x0A, 0xB6, 0x38, 0x3C, 0xC1 ),
+ BYTES_TO_T_UINT_8( 0x3E, 0x4F, 0xA4, 0x6E, 0x85, 0x31, 0x23, 0x52 ),
+ BYTES_TO_T_UINT_8( 0x0D, 0xAD, 0xC4, 0xC3, 0xB1, 0x4B, 0x1C, 0x82 ),
+ BYTES_TO_T_UINT_8( 0x30, 0x56, 0x4A, 0x38, 0xB3, 0x6B, 0x6F, 0x2C ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_16_X[] = {
+ BYTES_TO_T_UINT_8( 0x67, 0xC7, 0x19, 0xDE, 0x21, 0xED, 0x89, 0xD0 ),
+ BYTES_TO_T_UINT_8( 0x2F, 0xBE, 0xA6, 0xAE, 0xEB, 0x9D, 0xA7, 0x2A ),
+ BYTES_TO_T_UINT_8( 0x04, 0x0E, 0x13, 0x1E, 0x86, 0x57, 0xC3, 0x3B ),
+ BYTES_TO_T_UINT_8( 0x1F, 0x4B, 0x30, 0x46, 0x52, 0xC1, 0xEC, 0x52 ),
+ BYTES_TO_T_UINT_8( 0x6E, 0xD5, 0x44, 0x31, 0x96, 0x3B, 0x26, 0x27 ),
+ BYTES_TO_T_UINT_8( 0x77, 0x68, 0xA8, 0x67, 0x78, 0x39, 0xE8, 0x68 ),
+ BYTES_TO_T_UINT_8( 0x8E, 0x78, 0xB7, 0xDD, 0xF2, 0x58, 0xB6, 0x3D ),
+ BYTES_TO_T_UINT_8( 0x81, 0x3C, 0xB3, 0x26, 0xC4, 0x2C, 0x8C, 0xA5 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_16_Y[] = {
+ BYTES_TO_T_UINT_8( 0xB9, 0x24, 0xE5, 0x73, 0xEE, 0x9A, 0x02, 0xA9 ),
+ BYTES_TO_T_UINT_8( 0xD9, 0x6A, 0x65, 0x60, 0xF3, 0x62, 0xE3, 0xE9 ),
+ BYTES_TO_T_UINT_8( 0xFB, 0x07, 0x84, 0xE6, 0x3B, 0x46, 0x65, 0x9F ),
+ BYTES_TO_T_UINT_8( 0xE1, 0x8F, 0x0C, 0xB0, 0xE1, 0x04, 0x82, 0x9D ),
+ BYTES_TO_T_UINT_8( 0xEB, 0x13, 0xBF, 0x3D, 0xA0, 0x48, 0xA2, 0x74 ),
+ BYTES_TO_T_UINT_8( 0x08, 0x26, 0x76, 0x74, 0xAB, 0x0B, 0x29, 0xE8 ),
+ BYTES_TO_T_UINT_8( 0x30, 0x6E, 0x5F, 0x03, 0x34, 0x7C, 0x38, 0xCE ),
+ BYTES_TO_T_UINT_8( 0x4D, 0x72, 0xF9, 0x3B, 0x3C, 0xA4, 0xBC, 0x7C ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_17_X[] = {
+ BYTES_TO_T_UINT_8( 0x5C, 0xCE, 0x18, 0x80, 0xB8, 0x24, 0x45, 0x81 ),
+ BYTES_TO_T_UINT_8( 0xF1, 0x09, 0x03, 0xB8, 0x06, 0x64, 0xF7, 0xEC ),
+ BYTES_TO_T_UINT_8( 0xF1, 0x26, 0xB1, 0x10, 0x6D, 0x71, 0x12, 0x2E ),
+ BYTES_TO_T_UINT_8( 0xAD, 0x12, 0xC6, 0x6E, 0x1E, 0x6A, 0xC3, 0x80 ),
+ BYTES_TO_T_UINT_8( 0xE5, 0xD3, 0x0A, 0xDE, 0xD8, 0x6B, 0x04, 0x5C ),
+ BYTES_TO_T_UINT_8( 0x96, 0x87, 0x5B, 0xAE, 0xDB, 0x3C, 0xC0, 0xC5 ),
+ BYTES_TO_T_UINT_8( 0x8E, 0xF5, 0xF9, 0xC1, 0x9A, 0x89, 0xBB, 0x7E ),
+ BYTES_TO_T_UINT_8( 0xED, 0x69, 0x72, 0x8B, 0xAE, 0x32, 0x13, 0x11 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_17_Y[] = {
+ BYTES_TO_T_UINT_8( 0xF9, 0x16, 0x07, 0x50, 0xFA, 0x4C, 0xCF, 0xE8 ),
+ BYTES_TO_T_UINT_8( 0xF8, 0x50, 0x21, 0xE9, 0xDE, 0xEC, 0x7E, 0xDF ),
+ BYTES_TO_T_UINT_8( 0x7C, 0x2F, 0xE8, 0x83, 0x30, 0x0B, 0x65, 0x0E ),
+ BYTES_TO_T_UINT_8( 0xA5, 0x0B, 0x99, 0xAC, 0xC9, 0xBA, 0x6C, 0x2A ),
+ BYTES_TO_T_UINT_8( 0xA7, 0x59, 0x5A, 0x0D, 0x7B, 0x9E, 0x08, 0xAD ),
+ BYTES_TO_T_UINT_8( 0x34, 0x91, 0xB2, 0xDC, 0x90, 0xCE, 0x67, 0xED ),
+ BYTES_TO_T_UINT_8( 0xE3, 0x93, 0x60, 0x0C, 0xD7, 0x1F, 0x2F, 0x17 ),
+ BYTES_TO_T_UINT_8( 0x19, 0x7F, 0x9D, 0x40, 0xF8, 0x78, 0x7A, 0x54 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_18_X[] = {
+ BYTES_TO_T_UINT_8( 0x13, 0x22, 0x95, 0xE8, 0xEF, 0x31, 0x57, 0x35 ),
+ BYTES_TO_T_UINT_8( 0x2D, 0x88, 0x53, 0xFE, 0xAF, 0x7C, 0x47, 0x14 ),
+ BYTES_TO_T_UINT_8( 0x0E, 0xCE, 0xCC, 0x79, 0xE8, 0x9F, 0x8C, 0xC4 ),
+ BYTES_TO_T_UINT_8( 0xDB, 0x16, 0xDD, 0x77, 0x6E, 0x8A, 0x73, 0x97 ),
+ BYTES_TO_T_UINT_8( 0xC0, 0x07, 0x97, 0x21, 0x3B, 0xF8, 0x5F, 0xA8 ),
+ BYTES_TO_T_UINT_8( 0xC6, 0xB5, 0xD2, 0x81, 0x84, 0xF0, 0xE7, 0x9F ),
+ BYTES_TO_T_UINT_8( 0xCB, 0x8F, 0x75, 0x09, 0x6A, 0x0E, 0x53, 0xAD ),
+ BYTES_TO_T_UINT_8( 0xE6, 0x4F, 0x70, 0x97, 0xC7, 0xAC, 0x7D, 0x3F ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_18_Y[] = {
+ BYTES_TO_T_UINT_8( 0xF9, 0x3C, 0x6A, 0xB4, 0x10, 0xA9, 0xC8, 0x1D ),
+ BYTES_TO_T_UINT_8( 0xEE, 0xC5, 0xD6, 0x69, 0x16, 0xB8, 0xAC, 0x25 ),
+ BYTES_TO_T_UINT_8( 0xAC, 0x44, 0xDC, 0xEB, 0x48, 0x54, 0x5D, 0x5F ),
+ BYTES_TO_T_UINT_8( 0x6F, 0x48, 0x9B, 0xD7, 0x72, 0x69, 0xA4, 0x8A ),
+ BYTES_TO_T_UINT_8( 0xB4, 0x0D, 0x36, 0x9A, 0x66, 0x0B, 0xEC, 0x24 ),
+ BYTES_TO_T_UINT_8( 0xBE, 0xC6, 0xD4, 0xB6, 0x60, 0xE5, 0xC3, 0x3A ),
+ BYTES_TO_T_UINT_8( 0xBA, 0x29, 0x42, 0xE0, 0x9D, 0xFD, 0x7C, 0x3E ),
+ BYTES_TO_T_UINT_8( 0x43, 0x10, 0xBA, 0x55, 0xBC, 0x3B, 0x38, 0x5D ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_19_X[] = {
+ BYTES_TO_T_UINT_8( 0x25, 0x66, 0xFA, 0x05, 0x73, 0x03, 0x1B, 0x69 ),
+ BYTES_TO_T_UINT_8( 0x11, 0xA4, 0x66, 0x12, 0x96, 0x7B, 0x02, 0x4C ),
+ BYTES_TO_T_UINT_8( 0x44, 0xB5, 0xDE, 0x6D, 0x98, 0xD1, 0xD5, 0xA8 ),
+ BYTES_TO_T_UINT_8( 0xE2, 0xF5, 0x44, 0xB8, 0x8E, 0xF6, 0x8C, 0x05 ),
+ BYTES_TO_T_UINT_8( 0x68, 0x15, 0x2B, 0x72, 0xBC, 0x49, 0xE5, 0xDF ),
+ BYTES_TO_T_UINT_8( 0x6C, 0x44, 0xD7, 0xDF, 0x8F, 0xEB, 0x8D, 0x80 ),
+ BYTES_TO_T_UINT_8( 0x05, 0x64, 0x88, 0xAA, 0xB7, 0xE4, 0x70, 0x1D ),
+ BYTES_TO_T_UINT_8( 0x9C, 0x14, 0xBB, 0xE9, 0x9B, 0xB9, 0x65, 0x5D ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_19_Y[] = {
+ BYTES_TO_T_UINT_8( 0x66, 0x8E, 0x88, 0xF5, 0xF1, 0xC1, 0x89, 0xA2 ),
+ BYTES_TO_T_UINT_8( 0x16, 0x30, 0x53, 0xE6, 0xFB, 0x2D, 0x82, 0xB4 ),
+ BYTES_TO_T_UINT_8( 0xA7, 0xE4, 0xFF, 0xBA, 0x31, 0x79, 0xAB, 0xC2 ),
+ BYTES_TO_T_UINT_8( 0x45, 0x09, 0xF7, 0xB7, 0x09, 0x78, 0x4C, 0x90 ),
+ BYTES_TO_T_UINT_8( 0x10, 0xAE, 0xC2, 0x44, 0xDC, 0x17, 0x78, 0x47 ),
+ BYTES_TO_T_UINT_8( 0xC7, 0xD4, 0x17, 0x43, 0x19, 0x74, 0x9E, 0x23 ),
+ BYTES_TO_T_UINT_8( 0x15, 0x64, 0x3B, 0x73, 0xA2, 0x99, 0x27, 0x76 ),
+ BYTES_TO_T_UINT_8( 0x05, 0x74, 0x36, 0x5F, 0xD3, 0x14, 0xB1, 0x31 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_20_X[] = {
+ BYTES_TO_T_UINT_8( 0xAC, 0x07, 0xAB, 0xFD, 0x9B, 0x03, 0xC5, 0xD5 ),
+ BYTES_TO_T_UINT_8( 0xC7, 0xBE, 0xB0, 0x1D, 0xF2, 0x0C, 0x73, 0x73 ),
+ BYTES_TO_T_UINT_8( 0x99, 0xE7, 0x7B, 0x87, 0xD3, 0x34, 0xFD, 0xE2 ),
+ BYTES_TO_T_UINT_8( 0x9A, 0x25, 0x3D, 0xC7, 0x36, 0x83, 0x53, 0xDC ),
+ BYTES_TO_T_UINT_8( 0x22, 0x7C, 0xCF, 0x63, 0x55, 0x12, 0x11, 0xB0 ),
+ BYTES_TO_T_UINT_8( 0xC0, 0x34, 0x4D, 0x27, 0x92, 0xAC, 0x18, 0x16 ),
+ BYTES_TO_T_UINT_8( 0x98, 0x42, 0x61, 0x9D, 0x2E, 0xFF, 0x13, 0x16 ),
+ BYTES_TO_T_UINT_8( 0xF4, 0xDE, 0x92, 0x65, 0x57, 0x0D, 0xBC, 0x0A ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_20_Y[] = {
+ BYTES_TO_T_UINT_8( 0xEF, 0x7B, 0x6E, 0xC6, 0x2A, 0x21, 0x74, 0x0A ),
+ BYTES_TO_T_UINT_8( 0x37, 0xA7, 0x53, 0x4D, 0x29, 0x36, 0xEF, 0xE5 ),
+ BYTES_TO_T_UINT_8( 0xE1, 0xD6, 0x41, 0xC7, 0x99, 0xAD, 0x50, 0x53 ),
+ BYTES_TO_T_UINT_8( 0x99, 0xAC, 0x41, 0x9F, 0xFB, 0x4C, 0x86, 0xF1 ),
+ BYTES_TO_T_UINT_8( 0x8B, 0xBB, 0xE6, 0x25, 0x28, 0xAA, 0xEB, 0x1E ),
+ BYTES_TO_T_UINT_8( 0x92, 0x04, 0xA2, 0xC3, 0xAA, 0x08, 0x8A, 0xCC ),
+ BYTES_TO_T_UINT_8( 0x5A, 0x2B, 0x5B, 0xE2, 0x8D, 0x76, 0xEA, 0x34 ),
+ BYTES_TO_T_UINT_8( 0xB3, 0x33, 0xD2, 0x21, 0x4D, 0x62, 0xE3, 0x8E ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_21_X[] = {
+ BYTES_TO_T_UINT_8( 0xF6, 0x06, 0x8B, 0x2B, 0xC2, 0xC4, 0xB1, 0xD2 ),
+ BYTES_TO_T_UINT_8( 0xFA, 0xF5, 0xA1, 0xC0, 0x03, 0x6A, 0x29, 0x12 ),
+ BYTES_TO_T_UINT_8( 0xF5, 0xA9, 0xEF, 0x55, 0xB6, 0x1A, 0x9F, 0x6B ),
+ BYTES_TO_T_UINT_8( 0x9B, 0x54, 0x32, 0xBE, 0x06, 0x43, 0xB5, 0xFD ),
+ BYTES_TO_T_UINT_8( 0xF7, 0xD6, 0xD9, 0x20, 0x89, 0xBE, 0xD4, 0x1B ),
+ BYTES_TO_T_UINT_8( 0xE8, 0x26, 0x95, 0x10, 0xCE, 0xB4, 0x88, 0x79 ),
+ BYTES_TO_T_UINT_8( 0xE6, 0xA6, 0x27, 0xAC, 0x32, 0xBA, 0xBD, 0xC7 ),
+ BYTES_TO_T_UINT_8( 0xA3, 0xA6, 0xAE, 0x9C, 0x7B, 0xBE, 0xA1, 0x63 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_21_Y[] = {
+ BYTES_TO_T_UINT_8( 0x8B, 0xCD, 0x4D, 0x3D, 0xDF, 0x96, 0xBB, 0x7D ),
+ BYTES_TO_T_UINT_8( 0x77, 0xA7, 0x11, 0x06, 0xCC, 0x0E, 0x31, 0x81 ),
+ BYTES_TO_T_UINT_8( 0x20, 0xE4, 0xF4, 0xAD, 0x7B, 0x5F, 0xF1, 0xEF ),
+ BYTES_TO_T_UINT_8( 0xE4, 0x54, 0xBE, 0xF4, 0x8A, 0x03, 0x47, 0xDF ),
+ BYTES_TO_T_UINT_8( 0xB4, 0x53, 0x00, 0x7F, 0xB0, 0x8A, 0x68, 0xA6 ),
+ BYTES_TO_T_UINT_8( 0xA0, 0x16, 0xB1, 0x73, 0x6F, 0x5B, 0x0E, 0xC3 ),
+ BYTES_TO_T_UINT_8( 0x2A, 0x32, 0xE3, 0x43, 0x64, 0x75, 0xFB, 0xFB ),
+ BYTES_TO_T_UINT_8( 0xA0, 0x18, 0x55, 0x8A, 0x4E, 0x6E, 0x35, 0x54 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_22_X[] = {
+ BYTES_TO_T_UINT_8( 0x80, 0x97, 0x15, 0x1E, 0xCB, 0xF2, 0x9C, 0xA5 ),
+ BYTES_TO_T_UINT_8( 0x2B, 0xD1, 0xBB, 0xF3, 0x70, 0xAD, 0x13, 0xAD ),
+ BYTES_TO_T_UINT_8( 0xD8, 0x96, 0xA4, 0xC5, 0x5E, 0xDA, 0xD5, 0x57 ),
+ BYTES_TO_T_UINT_8( 0x07, 0x81, 0xE9, 0x65, 0x66, 0x76, 0x47, 0x45 ),
+ BYTES_TO_T_UINT_8( 0xC9, 0x35, 0x87, 0x06, 0x73, 0xCF, 0x34, 0xD2 ),
+ BYTES_TO_T_UINT_8( 0x5A, 0x81, 0x15, 0x42, 0xA2, 0x79, 0x5B, 0x42 ),
+ BYTES_TO_T_UINT_8( 0x08, 0xA2, 0x7D, 0x09, 0x14, 0x64, 0xC6, 0xAE ),
+ BYTES_TO_T_UINT_8( 0x5E, 0x6D, 0xC4, 0xED, 0xF1, 0xD6, 0xE9, 0x24 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_22_Y[] = {
+ BYTES_TO_T_UINT_8( 0xB4, 0xD5, 0xBB, 0x25, 0xA3, 0xDD, 0xA3, 0x88 ),
+ BYTES_TO_T_UINT_8( 0x46, 0xF2, 0x68, 0x67, 0x39, 0x8F, 0x73, 0x93 ),
+ BYTES_TO_T_UINT_8( 0xF0, 0x76, 0x28, 0x89, 0xAD, 0x32, 0xE0, 0xDF ),
+ BYTES_TO_T_UINT_8( 0xF8, 0x90, 0xCC, 0x57, 0x58, 0xAA, 0xC9, 0x75 ),
+ BYTES_TO_T_UINT_8( 0x5E, 0xD7, 0x43, 0xD2, 0xCE, 0x5E, 0xA0, 0x08 ),
+ BYTES_TO_T_UINT_8( 0x33, 0xB0, 0xB8, 0xA4, 0x9E, 0x96, 0x26, 0x86 ),
+ BYTES_TO_T_UINT_8( 0x94, 0x61, 0x1D, 0xF3, 0x65, 0x5E, 0x60, 0xCA ),
+ BYTES_TO_T_UINT_8( 0xC7, 0x1E, 0x65, 0xED, 0xCF, 0x07, 0x60, 0x20 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_23_X[] = {
+ BYTES_TO_T_UINT_8( 0xA4, 0x30, 0x17, 0x8A, 0x91, 0x88, 0x0A, 0xA4 ),
+ BYTES_TO_T_UINT_8( 0x05, 0x7D, 0x18, 0xA4, 0xAC, 0x59, 0xFC, 0x5F ),
+ BYTES_TO_T_UINT_8( 0xA4, 0x31, 0x8B, 0x25, 0x65, 0x39, 0x9A, 0xDC ),
+ BYTES_TO_T_UINT_8( 0x15, 0x16, 0x4B, 0x68, 0xBA, 0x59, 0x13, 0x2F ),
+ BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xD3, 0xC5, 0x56, 0xC9, 0x8C, 0x5E ),
+ BYTES_TO_T_UINT_8( 0xBC, 0xC6, 0x9F, 0xF4, 0xE6, 0xF7, 0xB4, 0x01 ),
+ BYTES_TO_T_UINT_8( 0x2D, 0x7C, 0x03, 0x00, 0x26, 0x9F, 0xD8, 0x7B ),
+ BYTES_TO_T_UINT_8( 0x24, 0x1D, 0x6E, 0x00, 0xB9, 0x00, 0x6E, 0x93 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_23_Y[] = {
+ BYTES_TO_T_UINT_8( 0x75, 0x63, 0xDA, 0x03, 0x2B, 0xD5, 0x0B, 0xFE ),
+ BYTES_TO_T_UINT_8( 0x46, 0xFC, 0xE2, 0xC8, 0x47, 0xF0, 0xAE, 0xF2 ),
+ BYTES_TO_T_UINT_8( 0x51, 0x4C, 0xF7, 0x50, 0x0C, 0x48, 0x06, 0x2A ),
+ BYTES_TO_T_UINT_8( 0xDF, 0x2B, 0x32, 0x98, 0x0E, 0x7E, 0x61, 0x41 ),
+ BYTES_TO_T_UINT_8( 0x5D, 0x02, 0x27, 0xFE, 0x75, 0x86, 0xDF, 0x24 ),
+ BYTES_TO_T_UINT_8( 0x2B, 0x30, 0xB1, 0x22, 0x32, 0x1B, 0xFE, 0x24 ),
+ BYTES_TO_T_UINT_8( 0xC2, 0x27, 0xF7, 0x78, 0x6F, 0xD7, 0xFD, 0xE4 ),
+ BYTES_TO_T_UINT_8( 0xA0, 0x78, 0xCC, 0xEA, 0xC0, 0x50, 0x24, 0x44 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_24_X[] = {
+ BYTES_TO_T_UINT_8( 0x37, 0x2B, 0x4F, 0x7F, 0x58, 0xE6, 0xC2, 0x70 ),
+ BYTES_TO_T_UINT_8( 0x37, 0x43, 0xD5, 0xA7, 0x35, 0x3C, 0x80, 0xB8 ),
+ BYTES_TO_T_UINT_8( 0x1A, 0x6D, 0x4B, 0x12, 0x00, 0x7B, 0xE6, 0xA6 ),
+ BYTES_TO_T_UINT_8( 0x37, 0x15, 0xBD, 0xD0, 0x9B, 0xCA, 0xAA, 0x81 ),
+ BYTES_TO_T_UINT_8( 0xCF, 0xCE, 0x9C, 0xE3, 0x8B, 0x60, 0x7A, 0x53 ),
+ BYTES_TO_T_UINT_8( 0x0C, 0xDA, 0x4B, 0x03, 0xA7, 0x8D, 0x43, 0x22 ),
+ BYTES_TO_T_UINT_8( 0x57, 0xAF, 0x00, 0x2B, 0x32, 0xF0, 0x22, 0x68 ),
+ BYTES_TO_T_UINT_8( 0xDC, 0xD9, 0x99, 0x99, 0xBE, 0x43, 0x99, 0x3E ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_24_Y[] = {
+ BYTES_TO_T_UINT_8( 0x1F, 0x71, 0x41, 0xF4, 0xB5, 0xFD, 0xDD, 0x36 ),
+ BYTES_TO_T_UINT_8( 0x9D, 0xE2, 0x20, 0x4C, 0xD1, 0x2E, 0x1F, 0x06 ),
+ BYTES_TO_T_UINT_8( 0x96, 0x43, 0x48, 0x76, 0x8A, 0x49, 0xAC, 0x87 ),
+ BYTES_TO_T_UINT_8( 0x0C, 0x1A, 0x55, 0xA8, 0xA3, 0xD4, 0x57, 0x75 ),
+ BYTES_TO_T_UINT_8( 0x7C, 0xA6, 0x84, 0x39, 0xC9, 0x13, 0xBB, 0x60 ),
+ BYTES_TO_T_UINT_8( 0xD9, 0xFA, 0xA9, 0x70, 0xDE, 0x83, 0xDD, 0xC9 ),
+ BYTES_TO_T_UINT_8( 0xEC, 0xC9, 0xD9, 0x3E, 0x44, 0x91, 0x68, 0x7B ),
+ BYTES_TO_T_UINT_8( 0xB6, 0x9F, 0x85, 0x6D, 0xF7, 0x54, 0x36, 0x82 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_25_X[] = {
+ BYTES_TO_T_UINT_8( 0x68, 0x6B, 0xA6, 0xA3, 0xE5, 0xD4, 0x46, 0xDB ),
+ BYTES_TO_T_UINT_8( 0x23, 0x3E, 0xDC, 0x84, 0x7C, 0x7B, 0x24, 0x34 ),
+ BYTES_TO_T_UINT_8( 0x14, 0xED, 0x7F, 0x86, 0x07, 0x6C, 0x57, 0xCA ),
+ BYTES_TO_T_UINT_8( 0x95, 0x06, 0xFE, 0x52, 0x12, 0x79, 0x69, 0x56 ),
+ BYTES_TO_T_UINT_8( 0x84, 0xD1, 0x44, 0x5F, 0x21, 0x3A, 0xC3, 0x84 ),
+ BYTES_TO_T_UINT_8( 0x5E, 0xD9, 0x4A, 0xC0, 0x75, 0xAB, 0x17, 0xAC ),
+ BYTES_TO_T_UINT_8( 0xFF, 0x81, 0x94, 0xB6, 0x80, 0x6B, 0x6F, 0xC3 ),
+ BYTES_TO_T_UINT_8( 0x07, 0xBE, 0x8E, 0xA5, 0xAA, 0xBC, 0x1E, 0x3E ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_25_Y[] = {
+ BYTES_TO_T_UINT_8( 0x89, 0xC7, 0x85, 0xA6, 0x59, 0x9B, 0xB1, 0x52 ),
+ BYTES_TO_T_UINT_8( 0x1C, 0xCE, 0x40, 0xD1, 0xFB, 0xDF, 0x94, 0xF7 ),
+ BYTES_TO_T_UINT_8( 0x18, 0xB8, 0x5E, 0xBF, 0x45, 0xA8, 0x2D, 0x2D ),
+ BYTES_TO_T_UINT_8( 0x98, 0x9C, 0x06, 0x1B, 0xA9, 0x57, 0xB9, 0x79 ),
+ BYTES_TO_T_UINT_8( 0x53, 0xE9, 0xCE, 0xA2, 0xD3, 0x74, 0xA1, 0x3C ),
+ BYTES_TO_T_UINT_8( 0xAA, 0x5F, 0x34, 0x78, 0xDB, 0xAE, 0x3A, 0x14 ),
+ BYTES_TO_T_UINT_8( 0x7D, 0x32, 0x84, 0x3E, 0x68, 0x6A, 0x43, 0x0F ),
+ BYTES_TO_T_UINT_8( 0x8C, 0xBC, 0x39, 0x36, 0xA4, 0xC5, 0xBB, 0x11 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_26_X[] = {
+ BYTES_TO_T_UINT_8( 0x8C, 0x07, 0xA2, 0xB5, 0xC9, 0x0F, 0x4D, 0x0F ),
+ BYTES_TO_T_UINT_8( 0xE3, 0x1D, 0x67, 0xE6, 0xF1, 0x46, 0xEB, 0x71 ),
+ BYTES_TO_T_UINT_8( 0xD7, 0x41, 0x23, 0x95, 0xE7, 0xE0, 0x10, 0xDD ),
+ BYTES_TO_T_UINT_8( 0xBE, 0x69, 0xFE, 0x68, 0x8C, 0xC6, 0x5F, 0xB6 ),
+ BYTES_TO_T_UINT_8( 0xE3, 0xB9, 0x2B, 0x3D, 0xD2, 0x4F, 0xD8, 0x1A ),
+ BYTES_TO_T_UINT_8( 0xA3, 0x09, 0xF5, 0x5F, 0xCF, 0xF6, 0x91, 0x57 ),
+ BYTES_TO_T_UINT_8( 0x65, 0x15, 0x42, 0x6B, 0x6D, 0xB5, 0xF3, 0xB6 ),
+ BYTES_TO_T_UINT_8( 0xBF, 0x56, 0x9D, 0xC5, 0xFF, 0xCA, 0x13, 0x9B ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_26_Y[] = {
+ BYTES_TO_T_UINT_8( 0x4D, 0x38, 0xE6, 0x23, 0x63, 0x48, 0x3C, 0xCA ),
+ BYTES_TO_T_UINT_8( 0xD2, 0x68, 0x3C, 0xD1, 0x3B, 0xE9, 0x3B, 0x82 ),
+ BYTES_TO_T_UINT_8( 0xB5, 0x08, 0x54, 0x49, 0xD1, 0x46, 0x45, 0x13 ),
+ BYTES_TO_T_UINT_8( 0x07, 0x70, 0x52, 0x6E, 0x79, 0xC4, 0x5E, 0x95 ),
+ BYTES_TO_T_UINT_8( 0x36, 0xDF, 0xE8, 0x5A, 0x32, 0x81, 0xDA, 0xD3 ),
+ BYTES_TO_T_UINT_8( 0x3C, 0x2D, 0x94, 0x5B, 0xB5, 0x35, 0x9F, 0x0A ),
+ BYTES_TO_T_UINT_8( 0x2A, 0x12, 0x8D, 0xC3, 0x36, 0x36, 0xB2, 0x2A ),
+ BYTES_TO_T_UINT_8( 0x39, 0x2F, 0x22, 0x38, 0x5B, 0x18, 0x4C, 0x35 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_27_X[] = {
+ BYTES_TO_T_UINT_8( 0x10, 0xC1, 0x22, 0x0E, 0xF0, 0x73, 0x11, 0x05 ),
+ BYTES_TO_T_UINT_8( 0xB2, 0xAE, 0xA4, 0x56, 0x18, 0x61, 0x66, 0x12 ),
+ BYTES_TO_T_UINT_8( 0x79, 0xFB, 0x72, 0x08, 0x84, 0x38, 0x51, 0xB0 ),
+ BYTES_TO_T_UINT_8( 0xDA, 0x86, 0xA8, 0xB9, 0x31, 0x99, 0x29, 0xC3 ),
+ BYTES_TO_T_UINT_8( 0x8A, 0xFB, 0xC3, 0x42, 0xB3, 0xC7, 0x6F, 0x3A ),
+ BYTES_TO_T_UINT_8( 0xD8, 0xF8, 0xE1, 0x09, 0xBE, 0x75, 0xB0, 0x22 ),
+ BYTES_TO_T_UINT_8( 0x5A, 0x7D, 0xFF, 0xF4, 0x99, 0xFC, 0x13, 0xAB ),
+ BYTES_TO_T_UINT_8( 0xE6, 0x1B, 0x84, 0x81, 0x42, 0x22, 0xC6, 0x3D ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_27_Y[] = {
+ BYTES_TO_T_UINT_8( 0x21, 0xE0, 0x37, 0xA4, 0xA0, 0x2F, 0x38, 0x7F ),
+ BYTES_TO_T_UINT_8( 0xD0, 0x3D, 0xB7, 0x40, 0x2F, 0x39, 0x3C, 0x7A ),
+ BYTES_TO_T_UINT_8( 0x7A, 0x3B, 0x8A, 0x51, 0xAE, 0x40, 0x49, 0x7A ),
+ BYTES_TO_T_UINT_8( 0x36, 0x20, 0x9F, 0xDD, 0xA9, 0xD0, 0x77, 0xC7 ),
+ BYTES_TO_T_UINT_8( 0x78, 0x1D, 0x64, 0xDA, 0xA0, 0x53, 0xC7, 0x7D ),
+ BYTES_TO_T_UINT_8( 0x37, 0x7B, 0x66, 0x55, 0x94, 0xD1, 0x51, 0x44 ),
+ BYTES_TO_T_UINT_8( 0x0E, 0xA9, 0xB5, 0x5B, 0x38, 0x35, 0x40, 0xC0 ),
+ BYTES_TO_T_UINT_8( 0xC8, 0xC9, 0x0F, 0xF0, 0x73, 0x79, 0x43, 0x61 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_28_X[] = {
+ BYTES_TO_T_UINT_8( 0x10, 0x47, 0x45, 0x69, 0x80, 0x72, 0x72, 0x42 ),
+ BYTES_TO_T_UINT_8( 0x70, 0x11, 0x99, 0x59, 0xDB, 0x48, 0x80, 0x39 ),
+ BYTES_TO_T_UINT_8( 0x75, 0x6E, 0x3D, 0xFC, 0x37, 0x15, 0xF4, 0xBF ),
+ BYTES_TO_T_UINT_8( 0x17, 0xBB, 0x5B, 0xA6, 0x35, 0x8D, 0x28, 0x20 ),
+ BYTES_TO_T_UINT_8( 0xAB, 0x1A, 0x3B, 0x2C, 0x8F, 0xD3, 0xAA, 0x2D ),
+ BYTES_TO_T_UINT_8( 0x55, 0x1C, 0x1A, 0xF8, 0x02, 0xD9, 0x7B, 0x41 ),
+ BYTES_TO_T_UINT_8( 0xAF, 0x69, 0xAC, 0xF8, 0x54, 0x31, 0x14, 0xA1 ),
+ BYTES_TO_T_UINT_8( 0x41, 0x8A, 0xE6, 0xDE, 0x58, 0xB9, 0xC4, 0x7A ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_28_Y[] = {
+ BYTES_TO_T_UINT_8( 0x57, 0x83, 0x52, 0xFE, 0xF9, 0x7B, 0xE9, 0x1F ),
+ BYTES_TO_T_UINT_8( 0x07, 0xA2, 0x55, 0x46, 0x15, 0x49, 0xC1, 0x3A ),
+ BYTES_TO_T_UINT_8( 0x1D, 0xBC, 0x5C, 0x91, 0xBD, 0xB9, 0x9C, 0xF4 ),
+ BYTES_TO_T_UINT_8( 0xBB, 0xFD, 0xB1, 0x4E, 0x5F, 0x74, 0xEE, 0x53 ),
+ BYTES_TO_T_UINT_8( 0xB1, 0x8B, 0xD8, 0x8B, 0x17, 0x73, 0x1B, 0x96 ),
+ BYTES_TO_T_UINT_8( 0x22, 0x92, 0xD7, 0x67, 0x06, 0xAD, 0x25, 0xCD ),
+ BYTES_TO_T_UINT_8( 0x01, 0x0F, 0x80, 0x24, 0xE2, 0x27, 0x5F, 0x8B ),
+ BYTES_TO_T_UINT_8( 0x61, 0x1C, 0xCE, 0xD0, 0x67, 0xCA, 0xD4, 0x0B ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_29_X[] = {
+ BYTES_TO_T_UINT_8( 0x87, 0xF1, 0xDD, 0x33, 0x66, 0xF9, 0x05, 0xD6 ),
+ BYTES_TO_T_UINT_8( 0x1D, 0xE5, 0x6B, 0x79, 0xBD, 0x48, 0x42, 0xAA ),
+ BYTES_TO_T_UINT_8( 0xD1, 0x14, 0x52, 0xE3, 0x53, 0xB4, 0x50, 0xD4 ),
+ BYTES_TO_T_UINT_8( 0x32, 0x84, 0x6C, 0xCF, 0xDA, 0xB2, 0x20, 0x0A ),
+ BYTES_TO_T_UINT_8( 0x70, 0xD6, 0x1A, 0xE5, 0xE2, 0x29, 0x70, 0xCE ),
+ BYTES_TO_T_UINT_8( 0xD5, 0x61, 0xFE, 0xBB, 0x21, 0x82, 0xD1, 0xFE ),
+ BYTES_TO_T_UINT_8( 0x2C, 0xF0, 0x9C, 0x8B, 0x1A, 0x42, 0x30, 0x06 ),
+ BYTES_TO_T_UINT_8( 0x43, 0xD6, 0x49, 0x81, 0x92, 0xF1, 0xD0, 0x90 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_29_Y[] = {
+ BYTES_TO_T_UINT_8( 0xC9, 0x91, 0x93, 0x6A, 0xA6, 0x22, 0xE9, 0xD6 ),
+ BYTES_TO_T_UINT_8( 0x09, 0xDC, 0xC3, 0x69, 0x11, 0x95, 0x7D, 0xEC ),
+ BYTES_TO_T_UINT_8( 0x1C, 0xA3, 0x9D, 0x87, 0x5E, 0x64, 0x41, 0xA2 ),
+ BYTES_TO_T_UINT_8( 0xBE, 0x87, 0x5A, 0x15, 0xBD, 0x6E, 0x3C, 0x8D ),
+ BYTES_TO_T_UINT_8( 0xD0, 0x8D, 0x50, 0xCC, 0xCF, 0xB7, 0x8F, 0x0B ),
+ BYTES_TO_T_UINT_8( 0x38, 0x65, 0xCD, 0x31, 0x30, 0xF1, 0x68, 0x13 ),
+ BYTES_TO_T_UINT_8( 0x10, 0x5C, 0x66, 0x67, 0x92, 0x30, 0x57, 0x95 ),
+ BYTES_TO_T_UINT_8( 0x23, 0x9B, 0x01, 0x3D, 0x20, 0x8B, 0xD1, 0x0D ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_30_X[] = {
+ BYTES_TO_T_UINT_8( 0xAB, 0xC0, 0xE6, 0x4F, 0xDE, 0x62, 0xAB, 0xB3 ),
+ BYTES_TO_T_UINT_8( 0xA4, 0x48, 0xB3, 0x1C, 0x0F, 0x16, 0x93, 0x45 ),
+ BYTES_TO_T_UINT_8( 0x77, 0x63, 0xBD, 0x1F, 0x16, 0x50, 0x56, 0x98 ),
+ BYTES_TO_T_UINT_8( 0x5D, 0x06, 0xBC, 0xE9, 0x27, 0x1C, 0x9A, 0x7B ),
+ BYTES_TO_T_UINT_8( 0xF8, 0xFE, 0x21, 0xC5, 0x39, 0x55, 0xE1, 0xFD ),
+ BYTES_TO_T_UINT_8( 0xF6, 0xA8, 0xD0, 0x96, 0x0E, 0xB5, 0xB2, 0x84 ),
+ BYTES_TO_T_UINT_8( 0x3D, 0xE7, 0x4B, 0xF3, 0x11, 0x0C, 0xC9, 0x5B ),
+ BYTES_TO_T_UINT_8( 0x43, 0x3A, 0xC4, 0x87, 0x71, 0xEE, 0xFA, 0x18 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_30_Y[] = {
+ BYTES_TO_T_UINT_8( 0xA7, 0x77, 0xEE, 0x81, 0x5E, 0x96, 0xEA, 0x4B ),
+ BYTES_TO_T_UINT_8( 0xEE, 0xDF, 0xA9, 0xF4, 0x4F, 0x7C, 0xB2, 0x43 ),
+ BYTES_TO_T_UINT_8( 0x9F, 0xD4, 0xDF, 0x35, 0x63, 0x47, 0x25, 0x8A ),
+ BYTES_TO_T_UINT_8( 0xA5, 0x3D, 0xFF, 0xA4, 0x02, 0xC3, 0x95, 0x11 ),
+ BYTES_TO_T_UINT_8( 0xD5, 0x10, 0x78, 0xD1, 0x2B, 0xB7, 0xBE, 0x0E ),
+ BYTES_TO_T_UINT_8( 0x0A, 0xE9, 0x57, 0xF9, 0xE0, 0xD8, 0xFC, 0xBC ),
+ BYTES_TO_T_UINT_8( 0xF3, 0xC4, 0x01, 0xD6, 0xB4, 0xE7, 0x78, 0xE2 ),
+ BYTES_TO_T_UINT_8( 0x02, 0x6C, 0xB9, 0x13, 0xA4, 0xE8, 0x6D, 0x6F ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_31_X[] = {
+ BYTES_TO_T_UINT_8( 0xE8, 0xB0, 0xC9, 0xCD, 0xBF, 0xA2, 0x1E, 0x63 ),
+ BYTES_TO_T_UINT_8( 0xDD, 0x4F, 0x86, 0x22, 0x9B, 0xEA, 0xE8, 0xBB ),
+ BYTES_TO_T_UINT_8( 0x50, 0x46, 0xDF, 0x43, 0xB9, 0x82, 0x2D, 0x0A ),
+ BYTES_TO_T_UINT_8( 0x07, 0x32, 0xF1, 0x4E, 0x95, 0x41, 0xAE, 0x8E ),
+ BYTES_TO_T_UINT_8( 0x52, 0x93, 0x26, 0xFC, 0xD3, 0x90, 0xDC, 0xEB ),
+ BYTES_TO_T_UINT_8( 0x04, 0x05, 0x45, 0xCA, 0xF9, 0x5A, 0x89, 0x93 ),
+ BYTES_TO_T_UINT_8( 0xC5, 0x82, 0x63, 0x4E, 0x55, 0x1D, 0x3A, 0x08 ),
+ BYTES_TO_T_UINT_8( 0x7C, 0x69, 0x52, 0x49, 0xE9, 0xED, 0x57, 0x34 ),
+};
+static const mbedtls_mpi_uint brainpoolP512r1_T_31_Y[] = {
+ BYTES_TO_T_UINT_8( 0x70, 0x64, 0xE9, 0xAC, 0x4C, 0x4A, 0xEA, 0x25 ),
+ BYTES_TO_T_UINT_8( 0xE9, 0xE9, 0x0B, 0x99, 0xE7, 0xF9, 0xA9, 0x2C ),
+ BYTES_TO_T_UINT_8( 0x24, 0x0C, 0xC1, 0xF4, 0x8D, 0x07, 0xB6, 0xB1 ),
+ BYTES_TO_T_UINT_8( 0xAD, 0x68, 0xFA, 0x35, 0xE4, 0x9E, 0xAE, 0xD9 ),
+ BYTES_TO_T_UINT_8( 0xF0, 0x2D, 0x1A, 0x13, 0x8E, 0x02, 0xE2, 0x63 ),
+ BYTES_TO_T_UINT_8( 0x27, 0x38, 0x28, 0x86, 0x46, 0x7B, 0x3A, 0xE1 ),
+ BYTES_TO_T_UINT_8( 0x3F, 0x4C, 0x64, 0x59, 0x0A, 0xF9, 0x02, 0xC4 ),
+ BYTES_TO_T_UINT_8( 0x41, 0x4F, 0x23, 0xA2, 0xC3, 0xD5, 0xEF, 0x42 ),
+};
+static const mbedtls_ecp_point brainpoolP512r1_T[32] = {
+ ECP_POINT_INIT_XY_Z1(brainpoolP512r1_T_0_X, brainpoolP512r1_T_0_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_1_X, brainpoolP512r1_T_1_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_2_X, brainpoolP512r1_T_2_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_3_X, brainpoolP512r1_T_3_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_4_X, brainpoolP512r1_T_4_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_5_X, brainpoolP512r1_T_5_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_6_X, brainpoolP512r1_T_6_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_7_X, brainpoolP512r1_T_7_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_8_X, brainpoolP512r1_T_8_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_9_X, brainpoolP512r1_T_9_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_10_X, brainpoolP512r1_T_10_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_11_X, brainpoolP512r1_T_11_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_12_X, brainpoolP512r1_T_12_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_13_X, brainpoolP512r1_T_13_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_14_X, brainpoolP512r1_T_14_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_15_X, brainpoolP512r1_T_15_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_16_X, brainpoolP512r1_T_16_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_17_X, brainpoolP512r1_T_17_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_18_X, brainpoolP512r1_T_18_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_19_X, brainpoolP512r1_T_19_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_20_X, brainpoolP512r1_T_20_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_21_X, brainpoolP512r1_T_21_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_22_X, brainpoolP512r1_T_22_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_23_X, brainpoolP512r1_T_23_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_24_X, brainpoolP512r1_T_24_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_25_X, brainpoolP512r1_T_25_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_26_X, brainpoolP512r1_T_26_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_27_X, brainpoolP512r1_T_27_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_28_X, brainpoolP512r1_T_28_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_29_X, brainpoolP512r1_T_29_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_30_X, brainpoolP512r1_T_30_Y),
+ ECP_POINT_INIT_XY_Z0(brainpoolP512r1_T_31_X, brainpoolP512r1_T_31_Y),
+};
+#else
+#define brainpoolP512r1_T NULL
#endif
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
#if defined(ECP_LOAD_GROUP)
/*
@@ -585,10 +4562,9 @@
*/
static inline void ecp_mpi_set1( mbedtls_mpi *X )
{
- static mbedtls_mpi_uint one[] = { 1 };
X->s = 1;
X->n = 1;
- X->p = one;
+ X->p = mpi_one;
}
/*
@@ -600,7 +4576,8 @@
const mbedtls_mpi_uint *b, size_t blen,
const mbedtls_mpi_uint *gx, size_t gxlen,
const mbedtls_mpi_uint *gy, size_t gylen,
- const mbedtls_mpi_uint *n, size_t nlen)
+ const mbedtls_mpi_uint *n, size_t nlen,
+ const mbedtls_ecp_point *T)
{
ecp_mpi_load( &grp->P, p, plen );
if( a != NULL )
@@ -617,6 +4594,12 @@
grp->h = 1;
+ grp->T = (mbedtls_ecp_point *) T;
+ /*
+ * Set T_size to 0 to prevent T free by mbedtls_ecp_group_free.
+ */
+ grp->T_size = 0;
+
return( 0 );
}
#endif /* ECP_LOAD_GROUP */
@@ -668,7 +4651,9 @@
G ## _b, sizeof( G ## _b ), \
G ## _gx, sizeof( G ## _gx ), \
G ## _gy, sizeof( G ## _gy ), \
- G ## _n, sizeof( G ## _n ) )
+ G ## _n, sizeof( G ## _n ), \
+ G ## _T \
+ )
#define LOAD_GROUP( G ) ecp_group_load( grp, \
G ## _p, sizeof( G ## _p ), \
@@ -676,7 +4661,9 @@
G ## _b, sizeof( G ## _b ), \
G ## _gx, sizeof( G ## _gx ), \
G ## _gy, sizeof( G ## _gy ), \
- G ## _n, sizeof( G ## _n ) )
+ G ## _n, sizeof( G ## _n ), \
+ G ## _T \
+ )
#endif /* ECP_LOAD_GROUP */
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
diff --git a/library/ecp_alt.h b/library/ecp_internal_alt.h
similarity index 99%
rename from library/ecp_alt.h
rename to library/ecp_internal_alt.h
index 6b1b29f..9b157ea 100644
--- a/library/ecp_alt.h
+++ b/library/ecp_internal_alt.h
@@ -1,5 +1,5 @@
/**
- * \file ecp_alt.h
+ * \file ecp_internal_alt.h
*
* \brief Function declarations for alternative implementation of elliptic curve
* point arithmetic.
@@ -293,5 +293,5 @@
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-#endif /* ecp_alt.h */
+#endif /* ecp_internal_alt.h */
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index b523967..71c7702 100644
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
@@ -27,6 +27,7 @@
#define MBEDTLS_ECP_INVASIVE_H
#include "common.h"
+#include "mbedtls/bignum.h"
#include "mbedtls/ecp.h"
#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_ECP_C)
@@ -46,6 +47,35 @@
void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits );
#endif
+#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
+/** Generate a private key on a Montgomery curve (Curve25519 or Curve448).
+ *
+ * This function implements key generation for the set of secret keys
+ * specified in [Curve25519] p. 5 and in [Curve448]. The resulting value
+ * has the lower bits masked but is not necessarily canonical.
+ *
+ * \note - [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
+ * - [RFC7748] https://tools.ietf.org/html/rfc7748
+ *
+ * \p high_bit The position of the high-order bit of the key to generate.
+ * This is the bit-size of the key minus 1:
+ * 254 for Curve25519 or 447 for Curve448.
+ * \param d The randomly generated key. This is a number of size
+ * exactly \p n_bits + 1 bits, with the least significant bits
+ * masked as specified in [Curve25519] and in [RFC7748] §5.
+ * \param f_rng The RNG function.
+ * \param p_rng The RNG context to be passed to \p f_rng.
+ *
+ * \return \c 0 on success.
+ * \return \c MBEDTLS_ERR_ECP_xxx or MBEDTLS_ERR_MPI_xxx on failure.
+ */
+int mbedtls_ecp_gen_privkey_mx( size_t n_bits,
+ mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
+
#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_ECP_C */
#endif /* MBEDTLS_ECP_INVASIVE_H */
diff --git a/library/entropy.c b/library/entropy.c
index cc68628..f12a239 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -164,10 +164,10 @@
if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE )
{
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
- if( ( ret = mbedtls_sha512_ret( data, len, tmp, 0 ) ) != 0 )
+ if( ( ret = mbedtls_sha512( data, len, tmp, 0 ) ) != 0 )
goto cleanup;
#else
- if( ( ret = mbedtls_sha256_ret( data, len, tmp, 0 ) ) != 0 )
+ if( ( ret = mbedtls_sha256( data, len, tmp, 0 ) ) != 0 )
goto cleanup;
#endif
p = tmp;
@@ -184,22 +184,22 @@
*/
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
if( ctx->accumulator_started == 0 &&
- ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
+ ( ret = mbedtls_sha512_starts( &ctx->accumulator, 0 ) ) != 0 )
goto cleanup;
else
ctx->accumulator_started = 1;
- if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, header, 2 ) ) != 0 )
+ if( ( ret = mbedtls_sha512_update( &ctx->accumulator, header, 2 ) ) != 0 )
goto cleanup;
- ret = mbedtls_sha512_update_ret( &ctx->accumulator, p, use_len );
+ ret = mbedtls_sha512_update( &ctx->accumulator, p, use_len );
#else
if( ctx->accumulator_started == 0 &&
- ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
+ ( ret = mbedtls_sha256_starts( &ctx->accumulator, 0 ) ) != 0 )
goto cleanup;
else
ctx->accumulator_started = 1;
- if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, header, 2 ) ) != 0 )
+ if( ( ret = mbedtls_sha256_update( &ctx->accumulator, header, 2 ) ) != 0 )
goto cleanup;
- ret = mbedtls_sha256_update_ret( &ctx->accumulator, p, use_len );
+ ret = mbedtls_sha256_update( &ctx->accumulator, p, use_len );
#endif
cleanup:
@@ -361,7 +361,7 @@
* in a previous call to entropy_update(). If this is not guaranteed, the
* code below will fail.
*/
- if( ( ret = mbedtls_sha512_finish_ret( &ctx->accumulator, buf ) ) != 0 )
+ if( ( ret = mbedtls_sha512_finish( &ctx->accumulator, buf ) ) != 0 )
goto exit;
/*
@@ -369,20 +369,20 @@
*/
mbedtls_sha512_free( &ctx->accumulator );
mbedtls_sha512_init( &ctx->accumulator );
- if( ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
+ if( ( ret = mbedtls_sha512_starts( &ctx->accumulator, 0 ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, buf,
+ if( ( ret = mbedtls_sha512_update( &ctx->accumulator, buf,
MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
goto exit;
/*
* Perform second SHA-512 on entropy
*/
- if( ( ret = mbedtls_sha512_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
+ if( ( ret = mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
buf, 0 ) ) != 0 )
goto exit;
#else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
- if( ( ret = mbedtls_sha256_finish_ret( &ctx->accumulator, buf ) ) != 0 )
+ if( ( ret = mbedtls_sha256_finish( &ctx->accumulator, buf ) ) != 0 )
goto exit;
/*
@@ -390,16 +390,16 @@
*/
mbedtls_sha256_free( &ctx->accumulator );
mbedtls_sha256_init( &ctx->accumulator );
- if( ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
+ if( ( ret = mbedtls_sha256_starts( &ctx->accumulator, 0 ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, buf,
+ if( ( ret = mbedtls_sha256_update( &ctx->accumulator, buf,
MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
goto exit;
/*
* Perform second SHA-256 on entropy
*/
- if( ( ret = mbedtls_sha256_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
+ if( ( ret = mbedtls_sha256( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
buf, 0 ) ) != 0 )
goto exit;
#endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index 7e1b4fb..ab353bf 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -59,7 +59,7 @@
/*
* HMAC_DRBG update, using optional additional data (10.1.2.2)
*/
-int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
+int mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
const unsigned char *additional,
size_t add_len )
{
@@ -130,7 +130,7 @@
return( ret );
memset( ctx->V, 0x01, mbedtls_md_get_size( md_info ) );
- if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 )
+ if( ( ret = mbedtls_hmac_drbg_update( ctx, data, data_len ) ) != 0 )
return( ret );
return( 0 );
@@ -205,7 +205,7 @@
}
/* 2. Update state */
- if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, seed, seedlen ) ) != 0 )
+ if( ( ret = mbedtls_hmac_drbg_update( ctx, seed, seedlen ) ) != 0 )
goto exit;
/* 3. Reset reseed_counter */
@@ -348,7 +348,7 @@
/* 2. Use additional data if any */
if( additional != NULL && add_len != 0 )
{
- if( ( ret = mbedtls_hmac_drbg_update_ret( ctx,
+ if( ( ret = mbedtls_hmac_drbg_update( ctx,
additional, add_len ) ) != 0 )
goto exit;
}
@@ -372,7 +372,7 @@
}
/* 6. Update */
- if( ( ret = mbedtls_hmac_drbg_update_ret( ctx,
+ if( ( ret = mbedtls_hmac_drbg_update( ctx,
additional, add_len ) ) != 0 )
goto exit;
@@ -479,7 +479,7 @@
fclose( f );
f = NULL;
- ret = mbedtls_hmac_drbg_update_ret( ctx, buf, n );
+ ret = mbedtls_hmac_drbg_update( ctx, buf, n );
exit:
mbedtls_platform_zeroize( buf, sizeof( buf ) );
diff --git a/library/md.c b/library/md.c
index 28261ac..53afbef 100644
--- a/library/md.c
+++ b/library/md.c
@@ -503,39 +503,39 @@
{
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
- return( mbedtls_md2_starts_ret( ctx->md_ctx ) );
+ return( mbedtls_md2_starts( ctx->md_ctx ) );
#endif
#if defined(MBEDTLS_MD4_C)
case MBEDTLS_MD_MD4:
- return( mbedtls_md4_starts_ret( ctx->md_ctx ) );
+ return( mbedtls_md4_starts( ctx->md_ctx ) );
#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- return( mbedtls_md5_starts_ret( ctx->md_ctx ) );
+ return( mbedtls_md5_starts( ctx->md_ctx ) );
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- return( mbedtls_ripemd160_starts_ret( ctx->md_ctx ) );
+ return( mbedtls_ripemd160_starts( ctx->md_ctx ) );
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- return( mbedtls_sha1_starts_ret( ctx->md_ctx ) );
+ return( mbedtls_sha1_starts( ctx->md_ctx ) );
#endif
#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
- return( mbedtls_sha256_starts_ret( ctx->md_ctx, 1 ) );
+ return( mbedtls_sha256_starts( ctx->md_ctx, 1 ) );
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
- return( mbedtls_sha256_starts_ret( ctx->md_ctx, 0 ) );
+ return( mbedtls_sha256_starts( ctx->md_ctx, 0 ) );
#endif
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_MD_SHA384:
- return( mbedtls_sha512_starts_ret( ctx->md_ctx, 1 ) );
+ return( mbedtls_sha512_starts( ctx->md_ctx, 1 ) );
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA512:
- return( mbedtls_sha512_starts_ret( ctx->md_ctx, 0 ) );
+ return( mbedtls_sha512_starts( ctx->md_ctx, 0 ) );
#endif
default:
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
@@ -551,39 +551,39 @@
{
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
- return( mbedtls_md2_update_ret( ctx->md_ctx, input, ilen ) );
+ return( mbedtls_md2_update( ctx->md_ctx, input, ilen ) );
#endif
#if defined(MBEDTLS_MD4_C)
case MBEDTLS_MD_MD4:
- return( mbedtls_md4_update_ret( ctx->md_ctx, input, ilen ) );
+ return( mbedtls_md4_update( ctx->md_ctx, input, ilen ) );
#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- return( mbedtls_md5_update_ret( ctx->md_ctx, input, ilen ) );
+ return( mbedtls_md5_update( ctx->md_ctx, input, ilen ) );
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- return( mbedtls_ripemd160_update_ret( ctx->md_ctx, input, ilen ) );
+ return( mbedtls_ripemd160_update( ctx->md_ctx, input, ilen ) );
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- return( mbedtls_sha1_update_ret( ctx->md_ctx, input, ilen ) );
+ return( mbedtls_sha1_update( ctx->md_ctx, input, ilen ) );
#endif
#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
- return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) );
+ return( mbedtls_sha256_update( ctx->md_ctx, input, ilen ) );
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
- return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) );
+ return( mbedtls_sha256_update( ctx->md_ctx, input, ilen ) );
#endif
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_MD_SHA384:
- return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) );
+ return( mbedtls_sha512_update( ctx->md_ctx, input, ilen ) );
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA512:
- return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) );
+ return( mbedtls_sha512_update( ctx->md_ctx, input, ilen ) );
#endif
default:
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
@@ -599,39 +599,39 @@
{
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
- return( mbedtls_md2_finish_ret( ctx->md_ctx, output ) );
+ return( mbedtls_md2_finish( ctx->md_ctx, output ) );
#endif
#if defined(MBEDTLS_MD4_C)
case MBEDTLS_MD_MD4:
- return( mbedtls_md4_finish_ret( ctx->md_ctx, output ) );
+ return( mbedtls_md4_finish( ctx->md_ctx, output ) );
#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- return( mbedtls_md5_finish_ret( ctx->md_ctx, output ) );
+ return( mbedtls_md5_finish( ctx->md_ctx, output ) );
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- return( mbedtls_ripemd160_finish_ret( ctx->md_ctx, output ) );
+ return( mbedtls_ripemd160_finish( ctx->md_ctx, output ) );
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- return( mbedtls_sha1_finish_ret( ctx->md_ctx, output ) );
+ return( mbedtls_sha1_finish( ctx->md_ctx, output ) );
#endif
#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
- return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) );
+ return( mbedtls_sha256_finish( ctx->md_ctx, output ) );
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
- return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) );
+ return( mbedtls_sha256_finish( ctx->md_ctx, output ) );
#endif
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_MD_SHA384:
- return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) );
+ return( mbedtls_sha512_finish( ctx->md_ctx, output ) );
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA512:
- return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) );
+ return( mbedtls_sha512_finish( ctx->md_ctx, output ) );
#endif
default:
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
@@ -648,39 +648,39 @@
{
#if defined(MBEDTLS_MD2_C)
case MBEDTLS_MD_MD2:
- return( mbedtls_md2_ret( input, ilen, output ) );
+ return( mbedtls_md2( input, ilen, output ) );
#endif
#if defined(MBEDTLS_MD4_C)
case MBEDTLS_MD_MD4:
- return( mbedtls_md4_ret( input, ilen, output ) );
+ return( mbedtls_md4( input, ilen, output ) );
#endif
#if defined(MBEDTLS_MD5_C)
case MBEDTLS_MD_MD5:
- return( mbedtls_md5_ret( input, ilen, output ) );
+ return( mbedtls_md5( input, ilen, output ) );
#endif
#if defined(MBEDTLS_RIPEMD160_C)
case MBEDTLS_MD_RIPEMD160:
- return( mbedtls_ripemd160_ret( input, ilen, output ) );
+ return( mbedtls_ripemd160( input, ilen, output ) );
#endif
#if defined(MBEDTLS_SHA1_C)
case MBEDTLS_MD_SHA1:
- return( mbedtls_sha1_ret( input, ilen, output ) );
+ return( mbedtls_sha1( input, ilen, output ) );
#endif
#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
- return( mbedtls_sha256_ret( input, ilen, output, 1 ) );
+ return( mbedtls_sha256( input, ilen, output, 1 ) );
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
- return( mbedtls_sha256_ret( input, ilen, output, 0 ) );
+ return( mbedtls_sha256( input, ilen, output, 0 ) );
#endif
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_MD_SHA384:
- return( mbedtls_sha512_ret( input, ilen, output, 1 ) );
+ return( mbedtls_sha512( input, ilen, output, 1 ) );
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA512:
- return( mbedtls_sha512_ret( input, ilen, output, 0 ) );
+ return( mbedtls_sha512( input, ilen, output, 0 ) );
#endif
default:
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
diff --git a/library/md2.c b/library/md2.c
index a11bc0f..e02c2f0 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -96,7 +96,7 @@
/*
* MD2 context setup
*/
-int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx )
+int mbedtls_md2_starts( mbedtls_md2_context *ctx )
{
memset( ctx->cksum, 0, 16 );
memset( ctx->state, 0, 46 );
@@ -151,7 +151,7 @@
/*
* MD2 process buffer
*/
-int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
+int mbedtls_md2_update( mbedtls_md2_context *ctx,
const unsigned char *input,
size_t ilen )
{
@@ -185,7 +185,7 @@
/*
* MD2 final digest
*/
-int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
+int mbedtls_md2_finish( mbedtls_md2_context *ctx,
unsigned char output[16] )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -214,7 +214,7 @@
/*
* output = MD2( input buffer )
*/
-int mbedtls_md2_ret( const unsigned char *input,
+int mbedtls_md2( const unsigned char *input,
size_t ilen,
unsigned char output[16] )
{
@@ -223,13 +223,13 @@
mbedtls_md2_init( &ctx );
- if( ( ret = mbedtls_md2_starts_ret( &ctx ) ) != 0 )
+ if( ( ret = mbedtls_md2_starts( &ctx ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md2_update_ret( &ctx, input, ilen ) ) != 0 )
+ if( ( ret = mbedtls_md2_update( &ctx, input, ilen ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md2_finish_ret( &ctx, output ) ) != 0 )
+ if( ( ret = mbedtls_md2_finish( &ctx, output ) ) != 0 )
goto exit;
exit:
@@ -290,7 +290,7 @@
if( verbose != 0 )
mbedtls_printf( " MD2 test #%d: ", i + 1 );
- ret = mbedtls_md2_ret( md2_test_str[i], md2_test_strlen[i], md2sum );
+ ret = mbedtls_md2( md2_test_str[i], md2_test_strlen[i], md2sum );
if( ret != 0 )
goto fail;
diff --git a/library/md4.c b/library/md4.c
index c366c0d..f5f3302 100644
--- a/library/md4.c
+++ b/library/md4.c
@@ -89,7 +89,7 @@
/*
* MD4 context setup
*/
-int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx )
+int mbedtls_md4_starts( mbedtls_md4_context *ctx )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -236,7 +236,7 @@
/*
* MD4 process buffer
*/
-int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
+int mbedtls_md4_update( mbedtls_md4_context *ctx,
const unsigned char *input,
size_t ilen )
{
@@ -298,7 +298,7 @@
/*
* MD4 final digest
*/
-int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
+int mbedtls_md4_finish( mbedtls_md4_context *ctx,
unsigned char output[16] )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -316,11 +316,11 @@
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
- ret = mbedtls_md4_update_ret( ctx, (unsigned char *)md4_padding, padn );
+ ret = mbedtls_md4_update( ctx, (unsigned char *)md4_padding, padn );
if( ret != 0 )
return( ret );
- if( ( ret = mbedtls_md4_update_ret( ctx, msglen, 8 ) ) != 0 )
+ if( ( ret = mbedtls_md4_update( ctx, msglen, 8 ) ) != 0 )
return( ret );
@@ -337,7 +337,7 @@
/*
* output = MD4( input buffer )
*/
-int mbedtls_md4_ret( const unsigned char *input,
+int mbedtls_md4( const unsigned char *input,
size_t ilen,
unsigned char output[16] )
{
@@ -346,13 +346,13 @@
mbedtls_md4_init( &ctx );
- if( ( ret = mbedtls_md4_starts_ret( &ctx ) ) != 0 )
+ if( ( ret = mbedtls_md4_starts( &ctx ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md4_update_ret( &ctx, input, ilen ) ) != 0 )
+ if( ( ret = mbedtls_md4_update( &ctx, input, ilen ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md4_finish_ret( &ctx, output ) ) != 0 )
+ if( ( ret = mbedtls_md4_finish( &ctx, output ) ) != 0 )
goto exit;
exit:
@@ -413,7 +413,7 @@
if( verbose != 0 )
mbedtls_printf( " MD4 test #%d: ", i + 1 );
- ret = mbedtls_md4_ret( md4_test_str[i], md4_test_strlen[i], md4sum );
+ ret = mbedtls_md4( md4_test_str[i], md4_test_strlen[i], md4sum );
if( ret != 0 )
goto fail;
diff --git a/library/md5.c b/library/md5.c
index 019b7f4..d7f8cee 100644
--- a/library/md5.c
+++ b/library/md5.c
@@ -88,7 +88,7 @@
/*
* MD5 context setup
*/
-int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx )
+int mbedtls_md5_starts( mbedtls_md5_context *ctx )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -242,7 +242,7 @@
/*
* MD5 process buffer
*/
-int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
+int mbedtls_md5_update( mbedtls_md5_context *ctx,
const unsigned char *input,
size_t ilen )
{
@@ -293,7 +293,7 @@
/*
* MD5 final digest
*/
-int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
+int mbedtls_md5_finish( mbedtls_md5_context *ctx,
unsigned char output[16] )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -352,7 +352,7 @@
/*
* output = MD5( input buffer )
*/
-int mbedtls_md5_ret( const unsigned char *input,
+int mbedtls_md5( const unsigned char *input,
size_t ilen,
unsigned char output[16] )
{
@@ -361,13 +361,13 @@
mbedtls_md5_init( &ctx );
- if( ( ret = mbedtls_md5_starts_ret( &ctx ) ) != 0 )
+ if( ( ret = mbedtls_md5_starts( &ctx ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &ctx, input, ilen ) ) != 0 )
+ if( ( ret = mbedtls_md5_update( &ctx, input, ilen ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_finish_ret( &ctx, output ) ) != 0 )
+ if( ( ret = mbedtls_md5_finish( &ctx, output ) ) != 0 )
goto exit;
exit:
@@ -427,7 +427,7 @@
if( verbose != 0 )
mbedtls_printf( " MD5 test #%d: ", i + 1 );
- ret = mbedtls_md5_ret( md5_test_buf[i], md5_test_buflen[i], md5sum );
+ ret = mbedtls_md5( md5_test_buf[i], md5_test_buflen[i], md5sum );
if( ret != 0 )
goto fail;
diff --git a/library/nist_kw.c b/library/nist_kw.c
index 04829a0..5054ca2 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -189,8 +189,6 @@
uint64_t t = 0;
unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2];
- unsigned char *R2 = output + KW_SEMIBLOCK_LENGTH;
- unsigned char *A = output;
*out_len = 0;
/*
@@ -266,6 +264,9 @@
}
else
{
+ unsigned char *R2 = output + KW_SEMIBLOCK_LENGTH;
+ unsigned char *A = output;
+
/*
* Do the wrapping function W, as defined in RFC 3394 section 2.2.1
*/
@@ -329,7 +330,7 @@
uint64_t t = 0;
unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2];
- unsigned char *R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH;
+ unsigned char *R = NULL;
*out_len = 0;
if( semiblocks < MIN_SEMIBLOCKS_COUNT )
@@ -339,6 +340,7 @@
memcpy( A, input, KW_SEMIBLOCK_LENGTH );
memmove( output, input + KW_SEMIBLOCK_LENGTH, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH );
+ R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH;
/* Calculate intermediate values */
for( t = s; t >= 1; t-- )
diff --git a/library/oid.c b/library/oid.c
index eb15a41..c4a4df9 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -238,6 +238,10 @@
"pseudonym",
},
{
+ OID_DESCRIPTOR( MBEDTLS_OID_UID, "id-uid", "User Id" ),
+ "uid",
+ },
+ {
OID_DESCRIPTOR( MBEDTLS_OID_DOMAIN_COMPONENT, "id-domainComponent", "Domain component" ),
"DC",
},
diff --git a/library/pem.c b/library/pem.c
index fcfde94..1b40e5e 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -87,13 +87,13 @@
/*
* key[ 0..15] = MD5(pwd || IV)
*/
- if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 )
+ if( ( ret = mbedtls_md5_starts( &md5_ctx ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 )
+ if( ( ret = mbedtls_md5_update( &md5_ctx, pwd, pwdlen ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 )
+ if( ( ret = mbedtls_md5_update( &md5_ctx, iv, 8 ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 )
+ if( ( ret = mbedtls_md5_finish( &md5_ctx, md5sum ) ) != 0 )
goto exit;
if( keylen <= 16 )
@@ -107,15 +107,15 @@
/*
* key[16..23] = MD5(key[ 0..15] || pwd || IV])
*/
- if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 )
+ if( ( ret = mbedtls_md5_starts( &md5_ctx ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5_ctx, md5sum, 16 ) ) != 0 )
+ if( ( ret = mbedtls_md5_update( &md5_ctx, md5sum, 16 ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 )
+ if( ( ret = mbedtls_md5_update( &md5_ctx, pwd, pwdlen ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 )
+ if( ( ret = mbedtls_md5_update( &md5_ctx, iv, 8 ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 )
+ if( ( ret = mbedtls_md5_finish( &md5_ctx, md5sum ) ) != 0 )
goto exit;
use_len = 16;
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index c351113..7c317c5 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -165,7 +165,7 @@
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
if( ctx != NULL )
- mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
+ mbedtls_rsa_init( (mbedtls_rsa_context *) ctx );
return( ctx );
}
@@ -178,6 +178,11 @@
static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
{
+#if defined(MBEDTLS_RSA_ALT)
+ /* Not supported */
+ (void) ctx;
+ (void) items;
+#else
items->type = MBEDTLS_PK_DEBUG_MPI;
items->name = "rsa.N";
items->value = &( ((mbedtls_rsa_context *) ctx)->N );
@@ -187,6 +192,7 @@
items->type = MBEDTLS_PK_DEBUG_MPI;
items->name = "rsa.E";
items->value = &( ((mbedtls_rsa_context *) ctx)->E );
+#endif
}
const mbedtls_pk_info_t mbedtls_rsa_info = {
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index d8a5d82..ba30eb5 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1019,18 +1019,8 @@
{
psa_status_t status = psa_remove_key_data_from_memory( slot );
- /*
- * As the return error code may not be handled in case of multiple errors,
- * do our best to report an unexpected lock counter: if available
- * call MBEDTLS_PARAM_FAILED that may terminate execution (if called as
- * part of the execution of a test suite this will stop the test suite
- * execution).
- */
if( slot->lock_count != 1 )
{
-#ifdef MBEDTLS_CHECK_PARAMS
- MBEDTLS_PARAM_FAILED( slot->lock_count == 1 );
-#endif
status = PSA_ERROR_CORRUPTION_DETECTED;
}
@@ -2848,13 +2838,14 @@
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
-static void psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg,
- mbedtls_rsa_context *rsa )
+static int psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg,
+ mbedtls_rsa_context *rsa )
{
psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH( alg );
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
+
+ return( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ) );
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
@@ -2927,7 +2918,11 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( PSA_ALG_IS_RSA_OAEP( alg ) )
{
- psa_rsa_oaep_set_padding_mode( alg, rsa );
+ status = mbedtls_to_psa_error(
+ psa_rsa_oaep_set_padding_mode( alg, rsa ) );
+ if( status != PSA_SUCCESS )
+ goto rsa_exit;
+
status = mbedtls_to_psa_error(
mbedtls_rsa_rsaes_oaep_encrypt( rsa,
mbedtls_psa_get_random,
@@ -3033,7 +3028,11 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( PSA_ALG_IS_RSA_OAEP( alg ) )
{
- psa_rsa_oaep_set_padding_mode( alg, rsa );
+ status = mbedtls_to_psa_error(
+ psa_rsa_oaep_set_padding_mode( alg, rsa ) );
+ if( status != PSA_SUCCESS )
+ goto rsa_exit;
+
status = mbedtls_to_psa_error(
mbedtls_rsa_rsaes_oaep_decrypt( rsa,
mbedtls_psa_get_random,
@@ -4829,7 +4828,8 @@
}
else
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
+ defined(MBEDTLS_GENPRIME)
if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
return( mbedtls_psa_rsa_generate_key( attributes,
@@ -4838,7 +4838,8 @@
key_buffer_length ) );
}
else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+ * defined(MBEDTLS_GENPRIME) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index f61e5eb..19260c4 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -19,6 +19,7 @@
* limitations under the License.
*/
+#include "common.h"
#include "psa_crypto_aead.h"
#include "psa_crypto_cipher.h"
#include "psa_crypto_core.h"
diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c
index d0f986e..6471f82 100644
--- a/library/psa_crypto_hash.c
+++ b/library/psa_crypto_hash.c
@@ -203,55 +203,55 @@
#if defined(BUILTIN_ALG_MD2)
case PSA_ALG_MD2:
mbedtls_md2_init( &operation->ctx.md2 );
- ret = mbedtls_md2_starts_ret( &operation->ctx.md2 );
+ ret = mbedtls_md2_starts( &operation->ctx.md2 );
break;
#endif
#if defined(BUILTIN_ALG_MD4)
case PSA_ALG_MD4:
mbedtls_md4_init( &operation->ctx.md4 );
- ret = mbedtls_md4_starts_ret( &operation->ctx.md4 );
+ ret = mbedtls_md4_starts( &operation->ctx.md4 );
break;
#endif
#if defined(BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
mbedtls_md5_init( &operation->ctx.md5 );
- ret = mbedtls_md5_starts_ret( &operation->ctx.md5 );
+ ret = mbedtls_md5_starts( &operation->ctx.md5 );
break;
#endif
#if defined(BUILTIN_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
mbedtls_ripemd160_init( &operation->ctx.ripemd160 );
- ret = mbedtls_ripemd160_starts_ret( &operation->ctx.ripemd160 );
+ ret = mbedtls_ripemd160_starts( &operation->ctx.ripemd160 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_1)
case PSA_ALG_SHA_1:
mbedtls_sha1_init( &operation->ctx.sha1 );
- ret = mbedtls_sha1_starts_ret( &operation->ctx.sha1 );
+ ret = mbedtls_sha1_starts( &operation->ctx.sha1 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_224)
case PSA_ALG_SHA_224:
mbedtls_sha256_init( &operation->ctx.sha256 );
- ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 1 );
+ ret = mbedtls_sha256_starts( &operation->ctx.sha256, 1 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_256)
case PSA_ALG_SHA_256:
mbedtls_sha256_init( &operation->ctx.sha256 );
- ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 0 );
+ ret = mbedtls_sha256_starts( &operation->ctx.sha256, 0 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_384)
case PSA_ALG_SHA_384:
mbedtls_sha512_init( &operation->ctx.sha512 );
- ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 );
+ ret = mbedtls_sha512_starts( &operation->ctx.sha512, 1 );
break;
#endif
#if defined(BUILTIN_ALG_SHA_512)
case PSA_ALG_SHA_512:
mbedtls_sha512_init( &operation->ctx.sha512 );
- ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 );
+ ret = mbedtls_sha512_starts( &operation->ctx.sha512, 0 );
break;
#endif
default:
@@ -349,55 +349,55 @@
{
#if defined(BUILTIN_ALG_MD2)
case PSA_ALG_MD2:
- ret = mbedtls_md2_update_ret( &operation->ctx.md2,
+ ret = mbedtls_md2_update( &operation->ctx.md2,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_MD4)
case PSA_ALG_MD4:
- ret = mbedtls_md4_update_ret( &operation->ctx.md4,
+ ret = mbedtls_md4_update( &operation->ctx.md4,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
- ret = mbedtls_md5_update_ret( &operation->ctx.md5,
+ ret = mbedtls_md5_update( &operation->ctx.md5,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
- ret = mbedtls_ripemd160_update_ret( &operation->ctx.ripemd160,
+ ret = mbedtls_ripemd160_update( &operation->ctx.ripemd160,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_SHA_1)
case PSA_ALG_SHA_1:
- ret = mbedtls_sha1_update_ret( &operation->ctx.sha1,
+ ret = mbedtls_sha1_update( &operation->ctx.sha1,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_SHA_224)
case PSA_ALG_SHA_224:
- ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
+ ret = mbedtls_sha256_update( &operation->ctx.sha256,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_SHA_256)
case PSA_ALG_SHA_256:
- ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
+ ret = mbedtls_sha256_update( &operation->ctx.sha256,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_SHA_384)
case PSA_ALG_SHA_384:
- ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
+ ret = mbedtls_sha512_update( &operation->ctx.sha512,
input, input_length );
break;
#endif
#if defined(BUILTIN_ALG_SHA_512)
case PSA_ALG_SHA_512:
- ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
+ ret = mbedtls_sha512_update( &operation->ctx.sha512,
input, input_length );
break;
#endif
@@ -439,47 +439,47 @@
{
#if defined(BUILTIN_ALG_MD2)
case PSA_ALG_MD2:
- ret = mbedtls_md2_finish_ret( &operation->ctx.md2, hash );
+ ret = mbedtls_md2_finish( &operation->ctx.md2, hash );
break;
#endif
#if defined(BUILTIN_ALG_MD4)
case PSA_ALG_MD4:
- ret = mbedtls_md4_finish_ret( &operation->ctx.md4, hash );
+ ret = mbedtls_md4_finish( &operation->ctx.md4, hash );
break;
#endif
#if defined(BUILTIN_ALG_MD5)
case PSA_ALG_MD5:
- ret = mbedtls_md5_finish_ret( &operation->ctx.md5, hash );
+ ret = mbedtls_md5_finish( &operation->ctx.md5, hash );
break;
#endif
#if defined(BUILTIN_ALG_RIPEMD160)
case PSA_ALG_RIPEMD160:
- ret = mbedtls_ripemd160_finish_ret( &operation->ctx.ripemd160, hash );
+ ret = mbedtls_ripemd160_finish( &operation->ctx.ripemd160, hash );
break;
#endif
#if defined(BUILTIN_ALG_SHA_1)
case PSA_ALG_SHA_1:
- ret = mbedtls_sha1_finish_ret( &operation->ctx.sha1, hash );
+ ret = mbedtls_sha1_finish( &operation->ctx.sha1, hash );
break;
#endif
#if defined(BUILTIN_ALG_SHA_224)
case PSA_ALG_SHA_224:
- ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
+ ret = mbedtls_sha256_finish( &operation->ctx.sha256, hash );
break;
#endif
#if defined(BUILTIN_ALG_SHA_256)
case PSA_ALG_SHA_256:
- ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
+ ret = mbedtls_sha256_finish( &operation->ctx.sha256, hash );
break;
#endif
#if defined(BUILTIN_ALG_SHA_384)
case PSA_ALG_SHA_384:
- ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
+ ret = mbedtls_sha512_finish( &operation->ctx.sha512, hash );
break;
#endif
#if defined(BUILTIN_ALG_SHA_512)
case PSA_ALG_SHA_512:
- ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
+ ret = mbedtls_sha512_finish( &operation->ctx.sha512, hash );
break;
#endif
default:
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 10ce30e..f2e9a1c 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -274,7 +274,8 @@
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
-#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
+ defined(MBEDTLS_GENPRIME)
static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters,
size_t domain_parameters_size,
int *exponent )
@@ -316,7 +317,7 @@
if( status != PSA_SUCCESS )
return( status );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
+ mbedtls_rsa_init( &rsa );
ret = mbedtls_rsa_gen_key( &rsa,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
@@ -332,7 +333,8 @@
return( status );
}
-#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
+#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+ * defined(MBEDTLS_GENPRIME) */
/****************************************************************/
/* Sign/verify hashes */
@@ -414,29 +416,36 @@
#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
{
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
- MBEDTLS_MD_NONE );
- ret = mbedtls_rsa_pkcs1_sign( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- md_alg,
- (unsigned int) hash_length,
- hash,
- signature );
+ ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
+ MBEDTLS_MD_NONE );
+ if( ret == 0 )
+ {
+ ret = mbedtls_rsa_pkcs1_sign( rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
}
else
#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
#if defined(BUILTIN_ALG_RSA_PSS)
if( PSA_ALG_IS_RSA_PSS( alg ) )
{
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
- ret = mbedtls_rsa_rsassa_pss_sign( rsa,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_MD_NONE,
- (unsigned int) hash_length,
- hash,
- signature );
+ ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
+
+ if( ret == 0 )
+ {
+ ret = mbedtls_rsa_rsassa_pss_sign( rsa,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ MBEDTLS_MD_NONE,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
}
else
#endif /* BUILTIN_ALG_RSA_PSS */
@@ -487,25 +496,31 @@
#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
{
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
- MBEDTLS_MD_NONE );
- ret = mbedtls_rsa_pkcs1_verify( rsa,
- md_alg,
- (unsigned int) hash_length,
- hash,
- signature );
+ ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
+ MBEDTLS_MD_NONE );
+ if( ret == 0 )
+ {
+ ret = mbedtls_rsa_pkcs1_verify( rsa,
+ md_alg,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
}
else
#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
#if defined(BUILTIN_ALG_RSA_PSS)
if( PSA_ALG_IS_RSA_PSS( alg ) )
{
- mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
- ret = mbedtls_rsa_rsassa_pss_verify( rsa,
- MBEDTLS_MD_NONE,
- (unsigned int) hash_length,
- hash,
- signature );
+ ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
+ if( ret == 0 )
+ {
+ ret = mbedtls_rsa_rsassa_pss_verify( rsa,
+ MBEDTLS_MD_NONE,
+ (unsigned int) hash_length,
+ hash,
+ signature );
+ }
}
else
#endif /* BUILTIN_ALG_RSA_PSS */
@@ -557,7 +572,8 @@
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
+ defined(MBEDTLS_GENPRIME)
psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
@@ -565,7 +581,8 @@
return( rsa_generate_key( attributes, key_buffer, key_buffer_size,
key_buffer_length ) );
}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+ * defined(MBEDTLS_GENPRIME) */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 0b1a3c1..4cf32db 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -409,17 +409,6 @@
return( PSA_SUCCESS );
}
- /*
- * As the return error code may not be handled in case of multiple errors,
- * do our best to report if the lock counter is equal to zero: if
- * available call MBEDTLS_PARAM_FAILED that may terminate execution (if
- * called as part of the execution of a unit test suite this will stop the
- * test suite execution).
- */
-#ifdef MBEDTLS_CHECK_PARAMS
- MBEDTLS_PARAM_FAILED( slot->lock_count > 0 );
-#endif
-
return( PSA_ERROR_CORRUPTION_DETECTED );
}
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 773d3aa..575e992 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -18,11 +18,7 @@
* limitations under the License.
*/
-#if defined(MBEDTLS_CONFIG_FILE)
-#include MBEDTLS_CONFIG_FILE
-#else
-#include "mbedtls/config.h"
-#endif
+#include "common.h"
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
diff --git a/library/psa_its_file.c b/library/psa_its_file.c
index 7798da6..492be1c 100644
--- a/library/psa_its_file.c
+++ b/library/psa_its_file.c
@@ -18,11 +18,7 @@
* limitations under the License.
*/
-#if defined(MBEDTLS_CONFIG_FILE)
-#include MBEDTLS_CONFIG_FILE
-#else
-#include "mbedtls/config.h"
-#endif
+#include "common.h"
#if defined(MBEDTLS_PSA_ITS_FILE_C)
diff --git a/library/ripemd160.c b/library/ripemd160.c
index 0e1df8f..d2ccbbe 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -89,7 +89,7 @@
/*
* RIPEMD-160 context setup
*/
-int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx )
+int mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -305,7 +305,7 @@
/*
* RIPEMD-160 process buffer
*/
-int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx,
+int mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
const unsigned char *input,
size_t ilen )
{
@@ -365,7 +365,7 @@
/*
* RIPEMD-160 final digest
*/
-int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx,
+int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
unsigned char output[20] )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -383,11 +383,11 @@
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
- ret = mbedtls_ripemd160_update_ret( ctx, ripemd160_padding, padn );
+ ret = mbedtls_ripemd160_update( ctx, ripemd160_padding, padn );
if( ret != 0 )
return( ret );
- ret = mbedtls_ripemd160_update_ret( ctx, msglen, 8 );
+ ret = mbedtls_ripemd160_update( ctx, msglen, 8 );
if( ret != 0 )
return( ret );
@@ -405,7 +405,7 @@
/*
* output = RIPEMD-160( input buffer )
*/
-int mbedtls_ripemd160_ret( const unsigned char *input,
+int mbedtls_ripemd160( const unsigned char *input,
size_t ilen,
unsigned char output[20] )
{
@@ -414,13 +414,13 @@
mbedtls_ripemd160_init( &ctx );
- if( ( ret = mbedtls_ripemd160_starts_ret( &ctx ) ) != 0 )
+ if( ( ret = mbedtls_ripemd160_starts( &ctx ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_ripemd160_update_ret( &ctx, input, ilen ) ) != 0 )
+ if( ( ret = mbedtls_ripemd160_update( &ctx, input, ilen ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_ripemd160_finish_ret( &ctx, output ) ) != 0 )
+ if( ( ret = mbedtls_ripemd160_finish( &ctx, output ) ) != 0 )
goto exit;
exit:
@@ -487,7 +487,7 @@
if( verbose != 0 )
mbedtls_printf( " RIPEMD-160 test #%d: ", i + 1 );
- ret = mbedtls_ripemd160_ret( ripemd160_test_str[i],
+ ret = mbedtls_ripemd160( ripemd160_test_str[i],
ripemd160_test_strlen[i], output );
if( ret != 0 )
goto fail;
diff --git a/library/rsa.c b/library/rsa.c
index 36424bd..f7274ea 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -477,17 +477,14 @@
/*
* Initialize an RSA context
*/
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
- int padding,
- int hash_id )
+void mbedtls_rsa_init( mbedtls_rsa_context *ctx )
{
RSA_VALIDATE( ctx != NULL );
- RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
- padding == MBEDTLS_RSA_PKCS_V21 );
memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
- mbedtls_rsa_set_padding( ctx, padding, hash_id );
+ ctx->padding = MBEDTLS_RSA_PKCS_V15;
+ ctx->hash_id = MBEDTLS_MD_NONE;
#if defined(MBEDTLS_THREADING_C)
/* Set ctx->ver to nonzero to indicate that the mutex has been
@@ -500,15 +497,38 @@
/*
* Set padding for an existing RSA context
*/
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
- int hash_id )
+int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
+ mbedtls_md_type_t hash_id )
{
- RSA_VALIDATE( ctx != NULL );
- RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
- padding == MBEDTLS_RSA_PKCS_V21 );
+ switch( padding )
+ {
+#if defined(MBEDTLS_PKCS1_V15)
+ case MBEDTLS_RSA_PKCS_V15:
+ break;
+#endif
+
+#if defined(MBEDTLS_PKCS1_V21)
+ case MBEDTLS_RSA_PKCS_V21:
+ break;
+#endif
+ default:
+ return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+ }
+
+ if( ( padding == MBEDTLS_RSA_PKCS_V21 ) &&
+ ( hash_id != MBEDTLS_MD_NONE ) )
+ {
+ const mbedtls_md_info_t *md_info;
+
+ md_info = mbedtls_md_info_from_type( hash_id );
+ if( md_info == NULL )
+ return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+ }
ctx->padding = padding;
ctx->hash_id = hash_id;
+
+ return( 0 );
}
/*
@@ -2580,7 +2600,7 @@
mbedtls_mpi K;
mbedtls_mpi_init( &K );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_N ) );
MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, &K, NULL, NULL, NULL, NULL ) );
@@ -2654,7 +2674,7 @@
if( verbose != 0 )
mbedtls_printf( " PKCS#1 data sign : " );
- if( mbedtls_sha1_ret( rsa_plaintext, PT_LEN, sha1sum ) != 0 )
+ if( mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum ) != 0 )
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
diff --git a/library/sha1.c b/library/sha1.c
index c6087ac..545d093 100644
--- a/library/sha1.c
+++ b/library/sha1.c
@@ -98,7 +98,7 @@
/*
* SHA-1 context setup
*/
-int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
+int mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
{
SHA1_VALIDATE_RET( ctx != NULL );
@@ -292,7 +292,7 @@
/*
* SHA-1 process buffer
*/
-int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
+int mbedtls_sha1_update( mbedtls_sha1_context *ctx,
const unsigned char *input,
size_t ilen )
{
@@ -345,7 +345,7 @@
/*
* SHA-1 final digest
*/
-int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
+int mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
unsigned char output[20] )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -408,7 +408,7 @@
/*
* output = SHA-1( input buffer )
*/
-int mbedtls_sha1_ret( const unsigned char *input,
+int mbedtls_sha1( const unsigned char *input,
size_t ilen,
unsigned char output[20] )
{
@@ -420,13 +420,13 @@
mbedtls_sha1_init( &ctx );
- if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
+ if( ( ret = mbedtls_sha1_starts( &ctx ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_sha1_update_ret( &ctx, input, ilen ) ) != 0 )
+ if( ( ret = mbedtls_sha1_update( &ctx, input, ilen ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_sha1_finish_ret( &ctx, output ) ) != 0 )
+ if( ( ret = mbedtls_sha1_finish( &ctx, output ) ) != 0 )
goto exit;
exit:
@@ -481,7 +481,7 @@
if( verbose != 0 )
mbedtls_printf( " SHA-1 test #%d: ", i + 1 );
- if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
+ if( ( ret = mbedtls_sha1_starts( &ctx ) ) != 0 )
goto fail;
if( i == 2 )
@@ -490,20 +490,20 @@
for( j = 0; j < 1000; j++ )
{
- ret = mbedtls_sha1_update_ret( &ctx, buf, buflen );
+ ret = mbedtls_sha1_update( &ctx, buf, buflen );
if( ret != 0 )
goto fail;
}
}
else
{
- ret = mbedtls_sha1_update_ret( &ctx, sha1_test_buf[i],
+ ret = mbedtls_sha1_update( &ctx, sha1_test_buf[i],
sha1_test_buflen[i] );
if( ret != 0 )
goto fail;
}
- if( ( ret = mbedtls_sha1_finish_ret( &ctx, sha1sum ) ) != 0 )
+ if( ( ret = mbedtls_sha1_finish( &ctx, sha1sum ) ) != 0 )
goto fail;
if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
diff --git a/library/sha256.c b/library/sha256.c
index 3cb2122..6ec6da2 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -100,7 +100,7 @@
/*
* SHA-256 context setup
*/
-int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
+int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
{
SHA256_VALIDATE_RET( ctx != NULL );
@@ -285,7 +285,7 @@
/*
* SHA-256 process buffer
*/
-int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
+int mbedtls_sha256_update( mbedtls_sha256_context *ctx,
const unsigned char *input,
size_t ilen )
{
@@ -338,7 +338,7 @@
/*
* SHA-256 final digest
*/
-int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
+int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
unsigned char *output )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -408,7 +408,7 @@
/*
* output = SHA-256( input buffer )
*/
-int mbedtls_sha256_ret( const unsigned char *input,
+int mbedtls_sha256( const unsigned char *input,
size_t ilen,
unsigned char *output,
int is224 )
@@ -427,13 +427,13 @@
mbedtls_sha256_init( &ctx );
- if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
+ if( ( ret = mbedtls_sha256_starts( &ctx, is224 ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 )
+ if( ( ret = mbedtls_sha256_update( &ctx, input, ilen ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 )
+ if( ( ret = mbedtls_sha256_finish( &ctx, output ) ) != 0 )
goto exit;
exit:
@@ -522,7 +522,7 @@
if( verbose != 0 )
mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
- if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 )
+ if( ( ret = mbedtls_sha256_starts( &ctx, k ) ) != 0 )
goto fail;
if( j == 2 )
@@ -531,7 +531,7 @@
for( j = 0; j < 1000; j++ )
{
- ret = mbedtls_sha256_update_ret( &ctx, buf, buflen );
+ ret = mbedtls_sha256_update( &ctx, buf, buflen );
if( ret != 0 )
goto fail;
}
@@ -539,13 +539,13 @@
}
else
{
- ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j],
+ ret = mbedtls_sha256_update( &ctx, sha256_test_buf[j],
sha256_test_buflen[j] );
if( ret != 0 )
goto fail;
}
- if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 )
+ if( ( ret = mbedtls_sha256_finish( &ctx, sha256sum ) ) != 0 )
goto fail;
diff --git a/library/sha512.c b/library/sha512.c
index 315e516..6511c6e 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -123,7 +123,7 @@
/*
* SHA-512 context setup
*/
-int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
+int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
{
SHA512_VALIDATE_RET( ctx != NULL );
#if defined(MBEDTLS_SHA384_C)
@@ -327,7 +327,7 @@
/*
* SHA-512 process buffer
*/
-int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
+int mbedtls_sha512_update( mbedtls_sha512_context *ctx,
const unsigned char *input,
size_t ilen )
{
@@ -379,7 +379,7 @@
/*
* SHA-512 final digest
*/
-int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
+int mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
unsigned char *output )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -451,7 +451,7 @@
/*
* output = SHA-512( input buffer )
*/
-int mbedtls_sha512_ret( const unsigned char *input,
+int mbedtls_sha512( const unsigned char *input,
size_t ilen,
unsigned char *output,
int is384 )
@@ -469,13 +469,13 @@
mbedtls_sha512_init( &ctx );
- if( ( ret = mbedtls_sha512_starts_ret( &ctx, is384 ) ) != 0 )
+ if( ( ret = mbedtls_sha512_starts( &ctx, is384 ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_sha512_update_ret( &ctx, input, ilen ) ) != 0 )
+ if( ( ret = mbedtls_sha512_update( &ctx, input, ilen ) ) != 0 )
goto exit;
- if( ( ret = mbedtls_sha512_finish_ret( &ctx, output ) ) != 0 )
+ if( ( ret = mbedtls_sha512_finish( &ctx, output ) ) != 0 )
goto exit;
exit:
@@ -591,7 +591,7 @@
if( verbose != 0 )
mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 );
- if( ( ret = mbedtls_sha512_starts_ret( &ctx, k ) ) != 0 )
+ if( ( ret = mbedtls_sha512_starts( &ctx, k ) ) != 0 )
goto fail;
if( j == 2 )
@@ -600,20 +600,20 @@
for( j = 0; j < 1000; j++ )
{
- ret = mbedtls_sha512_update_ret( &ctx, buf, buflen );
+ ret = mbedtls_sha512_update( &ctx, buf, buflen );
if( ret != 0 )
goto fail;
}
}
else
{
- ret = mbedtls_sha512_update_ret( &ctx, sha512_test_buf[j],
+ ret = mbedtls_sha512_update( &ctx, sha512_test_buf[j],
sha512_test_buflen[j] );
if( ret != 0 )
goto fail;
}
- if( ( ret = mbedtls_sha512_finish_ret( &ctx, sha512sum ) ) != 0 )
+ if( ( ret = mbedtls_sha512_finish( &ctx, sha512sum ) ) != 0 )
goto fail;
if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index ac2c50a..1bda9c0 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -31,6 +31,7 @@
#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/ssl.h"
+#include "ssl_misc.h"
#include <string.h>
@@ -254,18 +255,6 @@
MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
- /* 3DES suites */
- MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
- MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
-
/* NULL suites */
MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
@@ -471,18 +460,6 @@
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
- { MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
- MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
@@ -580,18 +557,6 @@
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
- { MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
- MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
@@ -726,17 +691,6 @@
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
- { MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
- MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
@@ -863,18 +817,6 @@
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
- { MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
- MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
@@ -963,18 +905,6 @@
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
- { MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA",
- MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
@@ -1072,18 +1002,6 @@
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
- { MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
- MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
@@ -1208,18 +1126,6 @@
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
- { MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
- MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
@@ -1335,18 +1241,6 @@
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
- { MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
- MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
@@ -1405,18 +1299,6 @@
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_CAMELLIA_C */
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
- { MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
- MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
@@ -1510,18 +1392,6 @@
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
- { MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
- MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
- MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
- 0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -2047,14 +1917,6 @@
{
(void)cs_info;
-#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
- if( cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB ||
- cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC )
- {
- return( 1 );
- }
-#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
-
return( 0 );
}
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 6cf283e..9a44138 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1155,8 +1155,7 @@
/*
* Ciphersuite list
*/
- ciphersuites = mbedtls_ssl_get_protocol_version_ciphersuites( ssl->conf,
- ssl->minor_ver );
+ ciphersuites = ssl->conf->ciphersuite_list;
/* Skip writing ciphersuite length for now */
n = 0;
@@ -1664,7 +1663,8 @@
ssl->handshake->ecdh_ctx.point_format = p[0];
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- ssl->handshake->ecjpake_ctx.point_format = p[0];
+ mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx,
+ p[0] );
#endif
MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
return( 0 );
@@ -2244,7 +2244,7 @@
i = 0;
while( 1 )
{
- if( mbedtls_ssl_get_protocol_version_ciphersuites( ssl->conf, ssl->minor_ver )[i] == 0 )
+ if( ssl->conf->ciphersuite_list[i] == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
mbedtls_ssl_send_alert_message(
@@ -2254,7 +2254,7 @@
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
- if( mbedtls_ssl_get_protocol_version_ciphersuites( ssl->conf, ssl->minor_ver )[i++] ==
+ if( ssl->conf->ciphersuite_list[i++] ==
ssl->session_negotiate->ciphersuite )
{
break;
@@ -2554,7 +2554,7 @@
return( ret );
}
- dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P );
+ dhm_actual_bitlen = mbedtls_dhm_get_bitlen( &ssl->handshake->dhm_ctx );
if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
@@ -3589,14 +3589,14 @@
/*
* DHM key exchange -- send G^X mod P
*/
- content_len = ssl->handshake->dhm_ctx.len;
+ content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx );
ssl->out_msg[4] = (unsigned char)( content_len >> 8 );
ssl->out_msg[5] = (unsigned char)( content_len );
header_len = 6;
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
- (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+ (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
&ssl->out_msg[header_len], content_len,
ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
@@ -3849,7 +3849,7 @@
/*
* ClientDiffieHellmanPublic public (DHM send G^X mod P)
*/
- content_len = ssl->handshake->dhm_ctx.len;
+ content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx );
if( header_len + 2 + content_len >
MBEDTLS_SSL_OUT_CONTENT_LEN )
@@ -3863,7 +3863,7 @@
ssl->out_msg[header_len++] = (unsigned char)( content_len );
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
- (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+ (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
&ssl->out_msg[header_len], content_len,
ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 1f1de2b..d25bc55 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -65,6 +65,16 @@
#define inline __inline
#endif
+/* Legacy minor version numbers as defined by:
+ * - RFC 2246: ProtocolVersion version = { 3, 1 }; // TLS v1.0
+ * - RFC 4346: ProtocolVersion version = { 3, 2 }; // TLS v1.1
+ *
+ * We no longer support these versions, but some code still references those
+ * constants, for keep them for now until we clean up that code.
+ */
+#define MBEDTLS_SSL_MINOR_VERSION_1 1
+#define MBEDTLS_SSL_MINOR_VERSION_2 2
+
/* Determine minimum supported version */
#define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
@@ -164,7 +174,7 @@
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_PADDING_GRANULARITY
+#define MBEDTLS_SSL_MAX_CID_EXPANSION MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY
#else
#define MBEDTLS_SSL_MAX_CID_EXPANSION 0
#endif
@@ -245,6 +255,39 @@
+ ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
#endif
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+/**
+ * \brief Return the maximum fragment length (payload, in bytes) for
+ * the output buffer. For the client, this is the configured
+ * value. For the server, it is the minimum of two - the
+ * configured value and the negotiated one.
+ *
+ * \sa mbedtls_ssl_conf_max_frag_len()
+ * \sa mbedtls_ssl_get_max_out_record_payload()
+ *
+ * \param ssl SSL context
+ *
+ * \return Current maximum fragment length for the output buffer.
+ */
+size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl );
+
+/**
+ * \brief Return the maximum fragment length (payload, in bytes) for
+ * the input buffer. This is the negotiated maximum fragment
+ * length, or, if there is none, MBEDTLS_SSL_IN_CONTENT_LEN.
+ * If it is not defined either, the value is 2^14. This function
+ * works as its predecessor, \c mbedtls_ssl_get_max_frag_len().
+ *
+ * \sa mbedtls_ssl_conf_max_frag_len()
+ * \sa mbedtls_ssl_get_max_in_record_payload()
+ *
+ * \param ssl SSL context
+ *
+ * \return Current maximum fragment length for the output buffer.
+ */
+size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
static inline size_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx )
{
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index a75b919..0fa206b 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -579,7 +579,7 @@
{
size_t padding =
ssl_compute_padding_length( rec->data_len,
- MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY );
+ MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY );
if( ssl_build_inner_plaintext( data,
&rec->data_len,
post_avail,
@@ -605,7 +605,7 @@
{
size_t padding =
ssl_compute_padding_length( rec->data_len,
- MBEDTLS_SSL_CID_PADDING_GRANULARITY );
+ MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY );
/*
* Wrap plaintext into DTLSInnerPlaintext structure.
* See ssl_build_inner_plaintext() for more information.
@@ -1148,6 +1148,9 @@
MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
}
+ /* The context needs to finish() before it starts() again */
+ MD_CHK( mbedtls_md_finish( ctx, aux_out ) );
+
/* Now compute HASH(okey + inner_hash) */
MD_CHK( mbedtls_md_starts( ctx ) );
MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );
@@ -4499,14 +4502,12 @@
return( ret );
}
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
if( ssl->conf->badmac_limit != 0 &&
++ssl->badmac_seen >= ssl->conf->badmac_limit )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
-#endif
/* As above, invalid records cause
* dismissal of the whole datagram. */
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 8f13a2c..29569d1 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -407,7 +407,8 @@
ssl->handshake->ecdh_ctx.point_format = p[0];
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- ssl->handshake->ecjpake_ctx.point_format = p[0];
+ mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx,
+ p[0] );
#endif
MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
return( 0 );
@@ -1870,29 +1871,45 @@
* and certificate from the SNI callback triggered by the SNI extension.)
*/
got_common_suite = 0;
- ciphersuites = mbedtls_ssl_get_protocol_version_ciphersuites( ssl->conf, ssl->minor_ver );
+ ciphersuites = ssl->conf->ciphersuite_list;
ciphersuite_info = NULL;
-#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
- for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
- for( i = 0; ciphersuites[i] != 0; i++ )
-#else
- for( i = 0; ciphersuites[i] != 0; i++ )
+
+ if (ssl->conf->respect_cli_pref == MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
+ {
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
-#endif
- {
- if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) ||
- p[1] != ( ( ciphersuites[i] ) & 0xFF ) )
- continue;
+ for( i = 0; ciphersuites[i] != 0; i++ )
+ {
+ if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) ||
+ p[1] != ( ( ciphersuites[i] ) & 0xFF ) )
+ continue;
- got_common_suite = 1;
+ got_common_suite = 1;
- if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
- &ciphersuite_info ) ) != 0 )
- return( ret );
+ if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
+ &ciphersuite_info ) ) != 0 )
+ return( ret );
- if( ciphersuite_info != NULL )
- goto have_ciphersuite;
- }
+ if( ciphersuite_info != NULL )
+ goto have_ciphersuite;
+ }
+ } else {
+ for( i = 0; ciphersuites[i] != 0; i++ )
+ for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
+ {
+ if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) ||
+ p[1] != ( ( ciphersuites[i] ) & 0xFF ) )
+ continue;
+
+ got_common_suite = 1;
+
+ if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
+ &ciphersuite_info ) ) != 0 )
+ return( ret );
+
+ if( ciphersuite_info != NULL )
+ goto have_ciphersuite;
+ }
+ }
if( got_common_suite )
{
@@ -3049,7 +3066,7 @@
if( ( ret = mbedtls_dhm_make_params(
&ssl->handshake->dhm_ctx,
- (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+ (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ),
ssl->out_msg + ssl->out_msglen, &len,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
@@ -4416,4 +4433,10 @@
return( ret );
}
+
+void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order )
+{
+ conf->respect_cli_pref = order;
+}
+
#endif /* MBEDTLS_SSL_SRV_C */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e60c072..5c1bc32 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1429,7 +1429,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) );
mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
- mbedtls_sha256_finish_ret( &sha256, hash );
+ mbedtls_sha256_finish( &sha256, hash );
*hlen = 32;
@@ -1478,7 +1478,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) );
mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
- mbedtls_sha512_finish_ret( &sha512, hash );
+ mbedtls_sha512_finish( &sha512, hash );
*hlen = 48;
@@ -2490,7 +2490,7 @@
psa_hash_abort( &ssl->handshake->fin_sha256_psa );
psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
#else
- mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 );
+ mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 );
#endif
#endif
#if defined(MBEDTLS_SHA384_C)
@@ -2498,7 +2498,7 @@
psa_hash_abort( &ssl->handshake->fin_sha384_psa );
psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
#else
- mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 );
+ mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 );
#endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -2512,14 +2512,14 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
#else
- mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
+ mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
#endif
#endif
#if defined(MBEDTLS_SHA384_C)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
#else
- mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
+ mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
#endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -2533,7 +2533,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len );
#else
- mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
+ mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
#endif
}
#endif
@@ -2545,7 +2545,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
#else
- mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len );
+ mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
#endif
}
#endif
@@ -2613,7 +2613,7 @@
sha256.state, sizeof( sha256.state ) );
#endif
- mbedtls_sha256_finish_ret( &sha256, padbuf );
+ mbedtls_sha256_finish( &sha256, padbuf );
mbedtls_sha256_free( &sha256 );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -2688,7 +2688,7 @@
MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *)
sha512.state, sizeof( sha512.state ) );
#endif
- mbedtls_sha512_finish_ret( &sha512, padbuf );
+ mbedtls_sha512_finish( &sha512, padbuf );
mbedtls_sha512_free( &sha512 );
#endif
@@ -2988,7 +2988,7 @@
psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 );
#else
mbedtls_sha256_init( &handshake->fin_sha256 );
- mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 );
+ mbedtls_sha256_starts( &handshake->fin_sha256, 0 );
#endif
#endif
#if defined(MBEDTLS_SHA384_C)
@@ -2997,7 +2997,7 @@
psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
#else
mbedtls_sha512_init( &handshake->fin_sha512 );
- mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 );
+ mbedtls_sha512_starts( &handshake->fin_sha512, 1 );
#endif
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -3390,12 +3390,10 @@
}
#endif
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit )
{
conf->badmac_limit = limit;
}
-#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -3516,73 +3514,10 @@
}
#endif /* MBEDTLS_SSL_CLI_C */
-static int protocol_version_to_ciphersuites_list_index(int prot_version)
-{
- switch(prot_version) {
- case MBEDTLS_SSL_MINOR_VERSION_1:
- return 0;
- case MBEDTLS_SSL_MINOR_VERSION_2:
- return 1;
- case MBEDTLS_SSL_MINOR_VERSION_3:
- return 2;
- default:
- return -1;
- };
-}
-
-static void set_protocol_version_ciphersuites( mbedtls_ssl_config *conf,
- int prot_version,
- const int* ciphersuites )
-{
- int ciphersuite_list_index =
- protocol_version_to_ciphersuites_list_index(prot_version);
- if ( ciphersuite_list_index >= 0 &&
- (unsigned int)ciphersuite_list_index <
- sizeof(conf->ciphersuite_list)/sizeof(conf->ciphersuite_list[0]) )
- {
- conf->ciphersuite_list[ciphersuite_list_index] = ciphersuites;
- }
-}
-
void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites )
{
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_1,
- ciphersuites);
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_2,
- ciphersuites);
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_3,
- ciphersuites);
-}
-
-const int *mbedtls_ssl_get_protocol_version_ciphersuites(
- const mbedtls_ssl_config *conf, int prot_version )
-{
- int ciphersuite_list_index =
- protocol_version_to_ciphersuites_list_index(prot_version);
- if ( ciphersuite_list_index >= 0 &&
- (unsigned int)ciphersuite_list_index <
- sizeof(conf->ciphersuite_list)/sizeof(conf->ciphersuite_list[0]) )
- {
- return conf->ciphersuite_list[ciphersuite_list_index];
- }
- else
- {
- return NULL;
- }
-}
-
-void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
- const int *ciphersuites,
- int major, int minor )
-{
- if( major != MBEDTLS_SSL_MAJOR_VERSION_3 )
- return;
-
- if( minor != MBEDTLS_SSL_MINOR_VERSION_3 )
- return;
-
- set_protocol_version_ciphersuites(conf, minor, ciphersuites);
+ conf->ciphersuite_list = ciphersuites;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -3723,6 +3658,19 @@
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+static int ssl_conf_psk_is_configured( mbedtls_ssl_config const *conf )
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( !mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
+ return( 1 );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if( conf->psk != NULL )
+ return( 1 );
+
+ return( 0 );
+}
+
static void ssl_conf_remove_psk( mbedtls_ssl_config *conf )
{
/* Remove reference to existing PSK, if any. */
@@ -3788,8 +3736,10 @@
const unsigned char *psk_identity, size_t psk_identity_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- /* Remove opaque/raw PSK + PSK Identity */
- ssl_conf_remove_psk( conf );
+
+ /* We currently only support one PSK, raw or opaque. */
+ if( ssl_conf_psk_is_configured( conf ) )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
/* Check and set raw PSK */
if( psk == NULL )
@@ -3857,8 +3807,10 @@
size_t psk_identity_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- /* Clear opaque/raw PSK + PSK Identity, if present. */
- ssl_conf_remove_psk( conf );
+
+ /* We currently only support one PSK, raw or opaque. */
+ if( ssl_conf_psk_is_configured( conf ) )
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
/* Check and set opaque PSK */
if( mbedtls_svc_key_id_is_null( psk ) )
@@ -3919,8 +3871,10 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 ||
- ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 )
+ if( ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_P,
+ &conf->dhm_P ) ) != 0 ||
+ ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_G,
+ &conf->dhm_G ) ) != 0 )
{
mbedtls_mpi_free( &conf->dhm_P );
mbedtls_mpi_free( &conf->dhm_G );
@@ -4475,6 +4429,24 @@
return( (int) max_len );
}
+int mbedtls_ssl_get_max_in_record_payload( const mbedtls_ssl_context *ssl )
+{
+ size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN;
+
+#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ (void) ssl;
+#endif
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ const size_t mfl = mbedtls_ssl_get_input_max_frag_len( ssl );
+
+ if( max_len > mfl )
+ max_len = mfl;
+#endif
+
+ return( (int) max_len );
+}
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl )
{
@@ -5418,11 +5390,7 @@
#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_CONNECTION_ID 0u
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT 1u
-#else
-#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_BADMAC_LIMIT 0u
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
#define SSL_SERIALIZED_CONTEXT_CONFIG_DTLS_ANTI_REPLAY 1u
@@ -5639,7 +5607,6 @@
/*
* Saved fields from top-level ssl_context structure
*/
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
used += 4;
if( used <= buf_len )
{
@@ -5648,7 +5615,6 @@
*p++ = (unsigned char)( ( ssl->badmac_seen >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ssl->badmac_seen ) & 0xFF );
}
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
used += 16;
@@ -5904,7 +5870,6 @@
/*
* Saved fields from top-level ssl_context structure
*/
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
if( (size_t)( end - p ) < 4 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -5913,7 +5878,6 @@
( (uint32_t) p[2] << 8 ) |
( (uint32_t) p[3] );
p += 4;
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
if( (size_t)( end - p ) < 16 )
@@ -6227,6 +6191,7 @@
#if defined(MBEDTLS_SSL_SRV_C)
conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED;
+ conf->respect_cli_pref = MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER;
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -6271,12 +6236,7 @@
conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_1,
- ssl_preset_suiteb_ciphersuites);
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_2,
- ssl_preset_suiteb_ciphersuites);
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_3,
- ssl_preset_suiteb_ciphersuites);
+ conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
conf->cert_profile = &mbedtls_x509_crt_profile_suiteb;
@@ -6310,13 +6270,7 @@
if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
#endif
- const int* default_ciphersuites = mbedtls_ssl_list_ciphersuites();
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_1,
- default_ciphersuites);
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_2,
- default_ciphersuites);
- set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_3,
- default_ciphersuites);
+ conf->ciphersuite_list = mbedtls_ssl_list_ciphersuites();
#if defined(MBEDTLS_X509_CRT_PARSE_C)
conf->cert_profile = &mbedtls_x509_crt_profile_default;
@@ -6593,22 +6547,10 @@
uint32_t *flags )
{
int ret = 0;
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
int usage = 0;
-#endif
-#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
const char *ext_oid;
size_t ext_len;
-#endif
-#if !defined(MBEDTLS_X509_CHECK_KEY_USAGE) && \
- !defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
- ((void) cert);
- ((void) cert_endpoint);
- ((void) flags);
-#endif
-
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
{
/* Server part of the key exchange */
@@ -6650,11 +6592,7 @@
*flags |= MBEDTLS_X509_BADCERT_KEY_USAGE;
ret = -1;
}
-#else
- ((void) ciphersuite);
-#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */
-#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
if( cert_endpoint == MBEDTLS_SSL_IS_SERVER )
{
ext_oid = MBEDTLS_OID_SERVER_AUTH;
@@ -6671,7 +6609,6 @@
*flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
ret = -1;
}
-#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
return( ret );
}
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 4e8fb43..f1c8a12 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -24,6 +24,7 @@
#include "mbedtls/hkdf.h"
#include "ssl_misc.h"
#include "ssl_tls13_keys.h"
+#include "mbedtls/debug.h"
#include <stdint.h>
#include <string.h>
@@ -346,4 +347,356 @@
return( ret );
}
+int mbedtls_ssl_tls1_3_derive_early_secrets(
+ mbedtls_md_type_t md_type,
+ unsigned char const *early_secret,
+ unsigned char const *transcript, size_t transcript_len,
+ mbedtls_ssl_tls1_3_early_secrets *derived )
+{
+ int ret;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+
+ /* We should never call this function with an unknown hash,
+ * but add an assertion anyway. */
+ if( md_info == 0 )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ /*
+ * 0
+ * |
+ * v
+ * PSK -> HKDF-Extract = Early Secret
+ * |
+ * +-----> Derive-Secret(., "c e traffic", ClientHello)
+ * | = client_early_traffic_secret
+ * |
+ * +-----> Derive-Secret(., "e exp master", ClientHello)
+ * | = early_exporter_master_secret
+ * v
+ */
+
+ /* Create client_early_traffic_secret */
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ early_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_e_traffic ),
+ transcript, transcript_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+ derived->client_early_traffic_secret,
+ md_size );
+ if( ret != 0 )
+ return( ret );
+
+ /* Create early exporter */
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ early_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( e_exp_master ),
+ transcript, transcript_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+ derived->early_exporter_master_secret,
+ md_size );
+ if( ret != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+int mbedtls_ssl_tls1_3_derive_handshake_secrets(
+ mbedtls_md_type_t md_type,
+ unsigned char const *handshake_secret,
+ unsigned char const *transcript, size_t transcript_len,
+ mbedtls_ssl_tls1_3_handshake_secrets *derived )
+{
+ int ret;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+
+ /* We should never call this function with an unknown hash,
+ * but add an assertion anyway. */
+ if( md_info == 0 )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ /*
+ *
+ * Handshake Secret
+ * |
+ * +-----> Derive-Secret( ., "c hs traffic",
+ * | ClientHello...ServerHello )
+ * | = client_handshake_traffic_secret
+ * |
+ * +-----> Derive-Secret( ., "s hs traffic",
+ * | ClientHello...ServerHello )
+ * | = server_handshake_traffic_secret
+ *
+ */
+
+ /*
+ * Compute client_handshake_traffic_secret with
+ * Derive-Secret( ., "c hs traffic", ClientHello...ServerHello )
+ */
+
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ handshake_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_hs_traffic ),
+ transcript, transcript_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+ derived->client_handshake_traffic_secret,
+ md_size );
+ if( ret != 0 )
+ return( ret );
+
+ /*
+ * Compute server_handshake_traffic_secret with
+ * Derive-Secret( ., "s hs traffic", ClientHello...ServerHello )
+ */
+
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ handshake_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( s_hs_traffic ),
+ transcript, transcript_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+ derived->server_handshake_traffic_secret,
+ md_size );
+ if( ret != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+int mbedtls_ssl_tls1_3_derive_application_secrets(
+ mbedtls_md_type_t md_type,
+ unsigned char const *application_secret,
+ unsigned char const *transcript, size_t transcript_len,
+ mbedtls_ssl_tls1_3_application_secrets *derived )
+{
+ int ret;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+
+ /* We should never call this function with an unknown hash,
+ * but add an assertion anyway. */
+ if( md_info == 0 )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ /* Generate {client,server}_application_traffic_secret_0
+ *
+ * Master Secret
+ * |
+ * +-----> Derive-Secret( ., "c ap traffic",
+ * | ClientHello...server Finished )
+ * | = client_application_traffic_secret_0
+ * |
+ * +-----> Derive-Secret( ., "s ap traffic",
+ * | ClientHello...Server Finished )
+ * | = server_application_traffic_secret_0
+ * |
+ * +-----> Derive-Secret( ., "exp master",
+ * | ClientHello...server Finished)
+ * | = exporter_master_secret
+ *
+ */
+
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ application_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_ap_traffic ),
+ transcript, transcript_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+ derived->client_application_traffic_secret_N,
+ md_size );
+ if( ret != 0 )
+ return( ret );
+
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ application_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( s_ap_traffic ),
+ transcript, transcript_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+ derived->server_application_traffic_secret_N,
+ md_size );
+ if( ret != 0 )
+ return( ret );
+
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ application_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( exp_master ),
+ transcript, transcript_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+ derived->exporter_master_secret,
+ md_size );
+ if( ret != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+/* Generate resumption_master_secret for use with the ticket exchange.
+ *
+ * This is not integrated with mbedtls_ssl_tls1_3_derive_application_secrets()
+ * because it uses the transcript hash up to and including ClientFinished. */
+int mbedtls_ssl_tls1_3_derive_resumption_master_secret(
+ mbedtls_md_type_t md_type,
+ unsigned char const *application_secret,
+ unsigned char const *transcript, size_t transcript_len,
+ mbedtls_ssl_tls1_3_application_secrets *derived )
+{
+ int ret;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+
+ /* We should never call this function with an unknown hash,
+ * but add an assertion anyway. */
+ if( md_info == 0 )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ application_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( res_master ),
+ transcript, transcript_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED,
+ derived->resumption_master_secret,
+ md_size );
+
+ if( ret != 0 )
+ return( ret );
+
+ return( 0 );
+}
+
+static int ssl_tls1_3_calc_finished_core( mbedtls_md_type_t md_type,
+ unsigned char const *base_key,
+ unsigned char const *transcript,
+ unsigned char *dst )
+{
+ const mbedtls_md_info_t* const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+ unsigned char finished_key[MBEDTLS_MD_MAX_SIZE];
+ int ret;
+
+ /* We should never call this function with an unknown hash,
+ * but add an assertion anyway. */
+ if( md_info == 0 )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ /* TLS 1.3 Finished message
+ *
+ * struct {
+ * opaque verify_data[Hash.length];
+ * } Finished;
+ *
+ * verify_data =
+ * HMAC( finished_key,
+ * Hash( Handshake Context +
+ * Certificate* +
+ * CertificateVerify* )
+ * )
+ *
+ * finished_key =
+ * HKDF-Expand-Label( BaseKey, "finished", "", Hash.length )
+ */
+
+ ret = mbedtls_ssl_tls1_3_hkdf_expand_label(
+ md_type, base_key, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( finished ),
+ NULL, 0,
+ finished_key, md_size );
+ if( ret != 0 )
+ goto exit;
+
+ ret = mbedtls_md_hmac( md_info, finished_key, md_size, transcript, md_size, dst );
+ if( ret != 0 )
+ goto exit;
+
+exit:
+
+ mbedtls_platform_zeroize( finished_key, sizeof( finished_key ) );
+ return( ret );
+}
+
+int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl,
+ const mbedtls_md_type_t md_type,
+ unsigned char const *psk, size_t psk_len,
+ int psk_type,
+ unsigned char const *transcript,
+ unsigned char *result )
+{
+ int ret = 0;
+ unsigned char binder_key[MBEDTLS_MD_MAX_SIZE];
+ unsigned char early_secret[MBEDTLS_MD_MAX_SIZE];
+ mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+
+#if !defined(MBEDTLS_DEBUG_C)
+ ssl = NULL; /* make sure we don't use it except for debug */
+ ((void) ssl);
+#endif
+
+ /* We should never call this function with an unknown hash,
+ * but add an assertion anyway. */
+ if( md_info == 0 )
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+ /*
+ * 0
+ * |
+ * v
+ * PSK -> HKDF-Extract = Early Secret
+ * |
+ * +-----> Derive-Secret(., "ext binder" | "res binder", "")
+ * | = binder_key
+ * v
+ */
+
+ ret = mbedtls_ssl_tls1_3_evolve_secret( md_type,
+ NULL, /* Old secret */
+ psk, psk_len, /* Input */
+ early_secret );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret );
+ goto exit;
+ }
+
+ if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
+ {
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ early_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( res_binder ),
+ NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
+ binder_key, md_size );
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "Derive Early Secret with 'res binder'" ) );
+ }
+ else
+ {
+ ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ early_secret, md_size,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( ext_binder ),
+ NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
+ binder_key, md_size );
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "Derive Early Secret with 'ext binder'" ) );
+ }
+
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_secret", ret );
+ goto exit;
+ }
+
+ /*
+ * The binding_value is computed in the same way as the Finished message
+ * but with the BaseKey being the binder_key.
+ */
+
+ ret = ssl_tls1_3_calc_finished_core( md_type, binder_key, transcript, result );
+ if( ret != 0 )
+ goto exit;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "psk binder", result, md_size );
+
+exit:
+
+ mbedtls_platform_zeroize( early_secret, sizeof( early_secret ) );
+ mbedtls_platform_zeroize( binder_key, sizeof( binder_key ) );
+ return( ret );
+}
+
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 7089049..3b96998 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -70,6 +70,27 @@
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN \
MBEDTLS_MD_MAX_SIZE
+typedef struct
+{
+ unsigned char binder_key [ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char client_early_traffic_secret [ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char early_exporter_master_secret[ MBEDTLS_MD_MAX_SIZE ];
+} mbedtls_ssl_tls1_3_early_secrets;
+
+typedef struct
+{
+ unsigned char client_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char server_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ];
+} mbedtls_ssl_tls1_3_handshake_secrets;
+
+typedef struct
+{
+ unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ];
+ unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ];
+} mbedtls_ssl_tls1_3_application_secrets;
+
/* Maximum desired length for expanded key material generated
* by HKDF-Expand-Label.
*
@@ -199,6 +220,179 @@
unsigned char *dstbuf, size_t buflen );
/**
+ * \brief Derive TLS 1.3 early data key material from early secret.
+ *
+ * This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret()
+ * with the appropriate labels.
+ *
+ * <tt>
+ * Early Secret
+ * |
+ * +-----> Derive-Secret(., "c e traffic", ClientHello)
+ * | = client_early_traffic_secret
+ * |
+ * +-----> Derive-Secret(., "e exp master", ClientHello)
+ * . = early_exporter_master_secret
+ * .
+ * .
+ * </tt>
+ *
+ * \note To obtain the actual key and IV for the early data traffic,
+ * the client secret derived by this function need to be
+ * further processed by mbedtls_ssl_tls1_3_make_traffic_keys().
+ *
+ * \note The binder key, which is also generated from the early secret,
+ * is omitted here. Its calculation is part of the separate routine
+ * mbedtls_ssl_tls1_3_create_psk_binder().
+ *
+ * \param md_type The hash algorithm associated with the PSK for which
+ * early data key material is being derived.
+ * \param early_secret The early secret from which the early data key material
+ * should be derived. This must be a readable buffer whose
+ * length is the digest size of the hash algorithm
+ * represented by \p md_size.
+ * \param transcript The transcript of the handshake so far, calculated with
+ * respect to \p md_type. This must be a readable buffer
+ * whose length is the digest size of the hash algorithm
+ * represented by \p md_size.
+ * \param derived The address of the structure in which to store
+ * the early data key material.
+ *
+ * \returns \c 0 on success.
+ * \returns A negative error code on failure.
+ */
+int mbedtls_ssl_tls1_3_derive_early_secrets(
+ mbedtls_md_type_t md_type,
+ unsigned char const *early_secret,
+ unsigned char const *transcript, size_t transcript_len,
+ mbedtls_ssl_tls1_3_early_secrets *derived );
+
+/**
+ * \brief Derive TLS 1.3 handshake key material from the handshake secret.
+ *
+ * This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret()
+ * with the appropriate labels from the standard.
+ *
+ * <tt>
+ * Handshake Secret
+ * |
+ * +-----> Derive-Secret( ., "c hs traffic",
+ * | ClientHello...ServerHello )
+ * | = client_handshake_traffic_secret
+ * |
+ * +-----> Derive-Secret( ., "s hs traffic",
+ * . ClientHello...ServerHello )
+ * . = server_handshake_traffic_secret
+ * .
+ * </tt>
+ *
+ * \note To obtain the actual key and IV for the encrypted handshake traffic,
+ * the client and server secret derived by this function need to be
+ * further processed by mbedtls_ssl_tls1_3_make_traffic_keys().
+ *
+ * \param md_type The hash algorithm associated with the ciphersuite
+ * that's being used for the connection.
+ * \param handshake_secret The handshake secret from which the handshake key
+ * material should be derived. This must be a readable
+ * buffer whose length is the digest size of the hash
+ * algorithm represented by \p md_size.
+ * \param transcript The transcript of the handshake so far, calculated
+ * with respect to \p md_type. This must be a readable
+ * buffer whose length is the digest size of the hash
+ * algorithm represented by \p md_size.
+ * \param derived The address of the structure in which to
+ * store the handshake key material.
+ *
+ * \returns \c 0 on success.
+ * \returns A negative error code on failure.
+ */
+int mbedtls_ssl_tls1_3_derive_handshake_secrets(
+ mbedtls_md_type_t md_type,
+ unsigned char const *handshake_secret,
+ unsigned char const *transcript, size_t transcript_len,
+ mbedtls_ssl_tls1_3_handshake_secrets *derived );
+
+/**
+ * \brief Derive TLS 1.3 application key material from the master secret.
+ *
+ * This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret()
+ * with the appropriate labels from the standard.
+ *
+ * <tt>
+ * Master Secret
+ * |
+ * +-----> Derive-Secret( ., "c ap traffic",
+ * | ClientHello...server Finished )
+ * | = client_application_traffic_secret_0
+ * |
+ * +-----> Derive-Secret( ., "s ap traffic",
+ * | ClientHello...Server Finished )
+ * | = server_application_traffic_secret_0
+ * |
+ * +-----> Derive-Secret( ., "exp master",
+ * . ClientHello...server Finished)
+ * . = exporter_master_secret
+ * .
+ * </tt>
+ *
+ * \note To obtain the actual key and IV for the (0-th) application traffic,
+ * the client and server secret derived by this function need to be
+ * further processed by mbedtls_ssl_tls1_3_make_traffic_keys().
+ *
+ * \param md_type The hash algorithm associated with the ciphersuite
+ * that's being used for the connection.
+ * \param master_secret The master secret from which the application key
+ * material should be derived. This must be a readable
+ * buffer whose length is the digest size of the hash
+ * algorithm represented by \p md_size.
+ * \param transcript The transcript of the handshake up to and including
+ * the ServerFinished message, calculated with respect
+ * to \p md_type. This must be a readable buffer whose
+ * length is the digest size of the hash algorithm
+ * represented by \p md_type.
+ * \param derived The address of the structure in which to
+ * store the application key material.
+ *
+ * \returns \c 0 on success.
+ * \returns A negative error code on failure.
+ */
+int mbedtls_ssl_tls1_3_derive_application_secrets(
+ mbedtls_md_type_t md_type,
+ unsigned char const *master_secret,
+ unsigned char const *transcript, size_t transcript_len,
+ mbedtls_ssl_tls1_3_application_secrets *derived );
+
+/**
+ * \brief Derive TLS 1.3 resumption master secret from the master secret.
+ *
+ * This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret()
+ * with the appropriate labels from the standard.
+ *
+ * \param md_type The hash algorithm used in the application for which
+ * key material is being derived.
+ * \param application_secret The application secret from which the resumption master
+ * secret should be derived. This must be a readable
+ * buffer whose length is the digest size of the hash
+ * algorithm represented by \p md_size.
+ * \param transcript The transcript of the handshake up to and including
+ * the ClientFinished message, calculated with respect
+ * to \p md_type. This must be a readable buffer whose
+ * length is the digest size of the hash algorithm
+ * represented by \p md_type.
+ * \param transcript_len The length of \p transcript in Bytes.
+ * \param derived The address of the structure in which to
+ * store the resumption master secret.
+ *
+ * \returns \c 0 on success.
+ * \returns A negative error code on failure.
+ */
+int mbedtls_ssl_tls1_3_derive_resumption_master_secret(
+ mbedtls_md_type_t md_type,
+ unsigned char const *application_secret,
+ unsigned char const *transcript, size_t transcript_len,
+ mbedtls_ssl_tls1_3_application_secrets *derived );
+
+/**
* \brief Compute the next secret in the TLS 1.3 key schedule
*
* The TLS 1.3 key schedule proceeds as follows to compute
@@ -271,4 +465,37 @@
const unsigned char *input, size_t input_len,
unsigned char *secret_new );
+#define MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL 0
+#define MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION 1
+
+/**
+ * \brief Calculate a TLS 1.3 PSK binder.
+ *
+ * \param ssl The SSL context. This is used for debugging only and may
+ * be \c NULL if MBEDTLS_DEBUG_C is disabled.
+ * \param md_type The hash algorithm associated to the PSK \p psk.
+ * \param psk The buffer holding the PSK for which to create a binder.
+ * \param psk_len The size of \p psk in bytes.
+ * \param psk_type This indicates whether the PSK \p psk is externally
+ * provisioned (#MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL) or a
+ * resumption PSK (#MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION).
+ * \param transcript The handshake transcript up to the point where the
+ * PSK binder calculation happens. This must be readable,
+ * and its size must be equal to the digest size of
+ * the hash algorithm represented by \p md_type.
+ * \param result The address at which to store the PSK binder on success.
+ * This must be writable, and its size must be equal to the
+ * digest size of the hash algorithm represented by
+ * \p md_type.
+ *
+ * \returns \c 0 on success.
+ * \returns A negative error code on failure.
+ */
+int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl,
+ const mbedtls_md_type_t md_type,
+ unsigned char const *psk, size_t psk_len,
+ int psk_type,
+ unsigned char const *transcript,
+ unsigned char *result );
+
#endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */
diff --git a/library/timing.c b/library/timing.c
index eb41461..664fde0 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -387,6 +387,21 @@
(void) j;
}
+static void print_timers( struct mbedtls_timing_hr_time *hires,
+ mbedtls_timing_delay_context *ctx )
+{
+#if defined(MBEDTLS_TIMING_ALT)
+ mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=?? status(ctx)=%d\n",
+ mbedtls_timing_get_timer( hires, 0 ),
+ mbedtls_timing_get_delay( ctx ) );
+#else
+ mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=%lu status(ctx)=%d\n",
+ mbedtls_timing_get_timer( hires, 0 ),
+ mbedtls_timing_get_timer( &ctx->timer, 0 ),
+ mbedtls_timing_get_delay( ctx ) );
+#endif
+}
+
#define FAIL do \
{ \
if( verbose != 0 ) \
@@ -395,10 +410,7 @@
mbedtls_printf( " cycles=%lu ratio=%lu millisecs=%lu secs=%lu hardfail=%d a=%lu b=%lu\n", \
cycles, ratio, millisecs, secs, hardfail, \
(unsigned long) a, (unsigned long) b ); \
- mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=%lu status(ctx)=%d\n", \
- mbedtls_timing_get_timer( &hires, 0 ), \
- mbedtls_timing_get_timer( &ctx.timer, 0 ), \
- mbedtls_timing_get_delay( &ctx ) ); \
+ print_timers( &hires, &ctx ); \
} \
return( 1 ); \
} while( 0 )
diff --git a/library/x509_crt.c b/library/x509_crt.c
index b4fe886..d4e0ffd 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -818,8 +818,7 @@
{
/*
* Set the parsing return code but continue parsing, in case this
- * extension is critical and MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
- * is configured.
+ * extension is critical.
*/
parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
}
@@ -961,14 +960,12 @@
/* No parser found, skip extension */
*p = end_ext_octet;
-#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
if( is_critical )
{
/* Data is marked as critical: fail */
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
}
-#endif
continue;
}
@@ -1027,11 +1024,9 @@
start_ext_octet, end_ext_octet ) == 0 )
break;
-#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
if( is_critical )
return( ret );
else
-#endif
/*
* If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we
* cannot interpret or enforce the policy. However, it is up to
@@ -1049,11 +1044,9 @@
* supports, but there isn't an x509 parser for it,
* skip the extension.
*/
-#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
if( is_critical )
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
else
-#endif
*p = end_ext_octet;
}
}
@@ -1268,9 +1261,7 @@
}
}
-#if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3)
if( crt->version == 3 )
-#endif
{
ret = x509_get_crt_ext( &p, end, crt, cb, p_ctx );
if( ret != 0 )
@@ -2240,7 +2231,6 @@
}
#endif /* MBEDTLS_X509_REMOVE_INFO */
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
unsigned int usage )
{
@@ -2263,9 +2253,7 @@
return( 0 );
}
-#endif
-#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
const char *usage_oid,
size_t usage_len )
@@ -2295,7 +2283,6 @@
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
}
-#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
#if defined(MBEDTLS_X509_CRL_PARSE_C)
/*
@@ -2346,14 +2333,12 @@
/*
* Check if the CA is configured to sign CRLs
*/
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
if( mbedtls_x509_crt_check_key_usage( ca,
MBEDTLS_X509_KU_CRL_SIGN ) != 0 )
{
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
break;
}
-#endif
/*
* Check if CRL is correctly signed by the trusted CA
@@ -2490,13 +2475,11 @@
if( need_ca_bit && ! parent->ca_istrue )
return( -1 );
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
if( need_ca_bit &&
mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 )
{
return( -1 );
}
-#endif
return( 0 );
}
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 8f4a4f5..c90f8bc 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -178,7 +178,7 @@
MBEDTLS_ASN1_CHK_ADD( len,
mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) );
- ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len,
+ ret = mbedtls_sha1( buf + sizeof( buf ) - len, len,
buf + sizeof( buf ) - 20 );
if( ret != 0 )
return( ret );
@@ -206,7 +206,7 @@
MBEDTLS_ASN1_CHK_ADD( len,
mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
- ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len,
+ ret = mbedtls_sha1( buf + sizeof( buf ) - len, len,
buf + sizeof( buf ) - 20 );
if( ret != 0 )
return( ret );
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index afda950..9f0ad93 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -83,10 +83,11 @@
int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
const char *oid, size_t oid_len,
+ int critical,
const unsigned char *val, size_t val_len )
{
return mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len,
- 0, val, val_len );
+ critical, val, val_len );
}
int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage )
@@ -103,7 +104,7 @@
ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
- c, (size_t)ret );
+ 0, c, (size_t)ret );
if( ret != 0 )
return( ret );
@@ -125,7 +126,7 @@
ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
- c, (size_t)ret );
+ 0, c, (size_t)ret );
if( ret != 0 )
return( ret );
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index 63a1248..0f97867 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -128,7 +128,7 @@
while( *list )
{
cipher_info = mbedtls_cipher_info_from_type( *list );
- mbedtls_printf( " %s\n", cipher_info->name );
+ mbedtls_printf( " %s\n", cipher_info->MBEDTLS_PRIVATE(name) );
list++;
}
@@ -313,7 +313,7 @@
}
- if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
+ if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen),
MBEDTLS_ENCRYPT ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n");
@@ -412,7 +412,7 @@
/*
* Check the file size.
*/
- if( cipher_info->mode != MBEDTLS_MODE_GCM &&
+ if( cipher_info->MBEDTLS_PRIVATE(mode) != MBEDTLS_MODE_GCM &&
( ( filesize - mbedtls_md_get_size( md_info ) ) %
mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 )
{
@@ -452,7 +452,7 @@
mbedtls_md_finish( &md_ctx, digest );
}
- if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
+ if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen),
MBEDTLS_DECRYPT ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" );
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index a637173..cbd9483 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c
index 29c8672..16f6014 100644
--- a/programs/fuzz/fuzz_dtlsclient.c
+++ b/programs/fuzz/fuzz_dtlsclient.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index b6dc52e..34ff63e 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c
index 6c968fd..f76afd1 100644
--- a/programs/fuzz/fuzz_privkey.c
+++ b/programs/fuzz/fuzz_privkey.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include <stdint.h>
#include <stdlib.h>
#include "mbedtls/pk.h"
diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c
index 9e80350..655d5d6 100644
--- a/programs/fuzz/fuzz_pubkey.c
+++ b/programs/fuzz/fuzz_pubkey.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include <stdint.h>
#include <stdlib.h>
#include "mbedtls/pk.h"
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 16b800c..5480e3e 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c
index 15affb5..65fc37f 100644
--- a/programs/fuzz/fuzz_x509crl.c
+++ b/programs/fuzz/fuzz_x509crl.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include <stdint.h>
#include "mbedtls/x509_crl.h"
diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c
index dbc153c..bd8bdff 100644
--- a/programs/fuzz/fuzz_x509crt.c
+++ b/programs/fuzz/fuzz_x509crt.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include <stdint.h>
#include "mbedtls/x509_crt.h"
diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c
index a270742..a9205be 100644
--- a/programs/fuzz/fuzz_x509csr.c
+++ b/programs/fuzz/fuzz_x509csr.c
@@ -1,3 +1,5 @@
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include <stdint.h>
#include "mbedtls/x509_csr.h"
diff --git a/programs/hash/hello.c b/programs/hash/hello.c
index 70bea42..18beb69 100644
--- a/programs/hash/hello.c
+++ b/programs/hash/hello.c
@@ -55,7 +55,7 @@
mbedtls_printf( "\n MD5('%s') = ", str );
- if( ( ret = mbedtls_md5_ret( (unsigned char *) str, 13, digest ) ) != 0 )
+ if( ( ret = mbedtls_md5( (unsigned char *) str, 13, digest ) ) != 0 )
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
for( i = 0; i < 16; i++ )
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index c6b3132..dbdee2d 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -92,7 +92,6 @@
mbedtls_aes_context aes;
mbedtls_net_init( &server_fd );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
mbedtls_dhm_init( &dhm );
mbedtls_aes_init( &aes );
mbedtls_ctr_drbg_init( &ctr_drbg );
@@ -125,17 +124,17 @@
goto exit;
}
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
- if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
+ if( ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(N), 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(E), 16, f ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f );
goto exit;
}
- rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
+ rsa.MBEDTLS_PRIVATE(len) = ( mbedtls_mpi_bitlen( &rsa.MBEDTLS_PRIVATE(N) ) + 7 ) >> 3;
fclose( f );
@@ -193,7 +192,8 @@
goto exit;
}
- if( dhm.len < 64 || dhm.len > 512 )
+ n = mbedtls_dhm_get_len( &dhm );
+ if( n < 64 || n > 512 )
{
mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" );
goto exit;
@@ -208,15 +208,15 @@
p += 2;
- if( ( n = (size_t) ( end - p ) ) != rsa.len )
+ if( ( n = (size_t) ( end - p ) ) != rsa.MBEDTLS_PRIVATE(len) )
{
mbedtls_printf( " failed\n ! Invalid RSA signature size\n\n" );
goto exit;
}
- if( ( ret = mbedtls_sha1_ret( buf, (int)( p - 2 - buf ), hash ) ) != 0 )
+ if( ( ret = mbedtls_sha1( buf, (int)( p - 2 - buf ), hash ) ) != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret );
+ mbedtls_printf( " failed\n ! mbedtls_sha1 returned %d\n\n", ret );
goto exit;
}
@@ -233,8 +233,8 @@
mbedtls_printf( "\n . Sending own public value to server" );
fflush( stdout );
- n = dhm.len;
- if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, n,
+ n = mbedtls_dhm_get_len( &dhm );
+ if( ( ret = mbedtls_dhm_make_public( &dhm, (int) n, buf, n,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret );
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 63df77e..0d5be4e 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -95,7 +95,6 @@
mbedtls_net_init( &listen_fd );
mbedtls_net_init( &client_fd );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
mbedtls_dhm_init( &dhm );
mbedtls_aes_init( &aes );
mbedtls_ctr_drbg_init( &ctr_drbg );
@@ -131,7 +130,7 @@
goto exit;
}
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 ||
@@ -173,8 +172,8 @@
goto exit;
}
- if( mbedtls_mpi_read_file( &dhm.P, 16, f ) != 0 ||
- mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 )
+ if( mbedtls_mpi_read_file( &dhm.MBEDTLS_PRIVATE(P), 16, f ) != 0 ||
+ mbedtls_mpi_read_file( &dhm.MBEDTLS_PRIVATE(G), 16, f ) != 0 )
{
mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" );
fclose( f );
@@ -210,7 +209,7 @@
memset( buf, 0, sizeof( buf ) );
- if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.P ), buf, &n,
+ if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.MBEDTLS_PRIVATE(P) ), buf, &n,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret );
@@ -220,14 +219,14 @@
/*
* 5. Sign the parameters and send them
*/
- if( ( ret = mbedtls_sha1_ret( buf, n, hash ) ) != 0 )
+ if( ( ret = mbedtls_sha1( buf, n, hash ) ) != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret );
+ mbedtls_printf( " failed\n ! mbedtls_sha1 returned %d\n\n", ret );
goto exit;
}
- buf[n ] = (unsigned char)( rsa.len >> 8 );
- buf[n + 1] = (unsigned char)( rsa.len );
+ buf[n ] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) >> 8 );
+ buf[n + 1] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) );
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
0, hash, buf + n + 2 ) ) != 0 )
@@ -236,7 +235,7 @@
goto exit;
}
- buflen = n + 2 + rsa.len;
+ buflen = n + 2 + rsa.MBEDTLS_PRIVATE(len);
buf2[0] = (unsigned char)( buflen >> 8 );
buf2[1] = (unsigned char)( buflen );
@@ -255,14 +254,14 @@
memset( buf, 0, sizeof( buf ) );
- n = dhm.len;
+ n = mbedtls_dhm_get_len( &dhm );
if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n )
{
mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
goto exit;
}
- if( ( ret = mbedtls_dhm_read_public( &dhm, buf, dhm.len ) ) != 0 )
+ if( ( ret = mbedtls_dhm_read_public( &dhm, buf, n ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret );
goto exit;
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index 67f1363..1f4b8bc 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -91,14 +91,14 @@
mbedtls_printf( " . Setting up client context..." );
fflush( stdout );
- ret = mbedtls_ecp_group_load( &ctx_cli.grp, MBEDTLS_ECP_DP_CURVE25519 );
+ ret = mbedtls_ecp_group_load( &ctx_cli.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret );
goto exit;
}
- ret = mbedtls_ecdh_gen_public( &ctx_cli.grp, &ctx_cli.d, &ctx_cli.Q,
+ ret = mbedtls_ecdh_gen_public( &ctx_cli.MBEDTLS_PRIVATE(grp), &ctx_cli.MBEDTLS_PRIVATE(d), &ctx_cli.MBEDTLS_PRIVATE(Q),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
@@ -106,7 +106,7 @@
goto exit;
}
- ret = mbedtls_mpi_write_binary( &ctx_cli.Q.X, cli_to_srv, 32 );
+ ret = mbedtls_mpi_write_binary( &ctx_cli.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), cli_to_srv, 32 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret );
@@ -121,14 +121,14 @@
mbedtls_printf( " . Setting up server context..." );
fflush( stdout );
- ret = mbedtls_ecp_group_load( &ctx_srv.grp, MBEDTLS_ECP_DP_CURVE25519 );
+ ret = mbedtls_ecp_group_load( &ctx_srv.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret );
goto exit;
}
- ret = mbedtls_ecdh_gen_public( &ctx_srv.grp, &ctx_srv.d, &ctx_srv.Q,
+ ret = mbedtls_ecdh_gen_public( &ctx_srv.MBEDTLS_PRIVATE(grp), &ctx_srv.MBEDTLS_PRIVATE(d), &ctx_srv.MBEDTLS_PRIVATE(Q),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
@@ -136,7 +136,7 @@
goto exit;
}
- ret = mbedtls_mpi_write_binary( &ctx_srv.Q.X, srv_to_cli, 32 );
+ ret = mbedtls_mpi_write_binary( &ctx_srv.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), srv_to_cli, 32 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret );
@@ -151,22 +151,22 @@
mbedtls_printf( " . Server reading client key and computing secret..." );
fflush( stdout );
- ret = mbedtls_mpi_lset( &ctx_srv.Qp.Z, 1 );
+ ret = mbedtls_mpi_lset( &ctx_srv.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(Z), 1 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret );
goto exit;
}
- ret = mbedtls_mpi_read_binary( &ctx_srv.Qp.X, cli_to_srv, 32 );
+ ret = mbedtls_mpi_read_binary( &ctx_srv.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(X), cli_to_srv, 32 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret );
goto exit;
}
- ret = mbedtls_ecdh_compute_shared( &ctx_srv.grp, &ctx_srv.z,
- &ctx_srv.Qp, &ctx_srv.d,
+ ret = mbedtls_ecdh_compute_shared( &ctx_srv.MBEDTLS_PRIVATE(grp), &ctx_srv.MBEDTLS_PRIVATE(z),
+ &ctx_srv.MBEDTLS_PRIVATE(Qp), &ctx_srv.MBEDTLS_PRIVATE(d),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
@@ -182,22 +182,22 @@
mbedtls_printf( " . Client reading server key and computing secret..." );
fflush( stdout );
- ret = mbedtls_mpi_lset( &ctx_cli.Qp.Z, 1 );
+ ret = mbedtls_mpi_lset( &ctx_cli.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(Z), 1 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret );
goto exit;
}
- ret = mbedtls_mpi_read_binary( &ctx_cli.Qp.X, srv_to_cli, 32 );
+ ret = mbedtls_mpi_read_binary( &ctx_cli.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(X), srv_to_cli, 32 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret );
goto exit;
}
- ret = mbedtls_ecdh_compute_shared( &ctx_cli.grp, &ctx_cli.z,
- &ctx_cli.Qp, &ctx_cli.d,
+ ret = mbedtls_ecdh_compute_shared( &ctx_cli.MBEDTLS_PRIVATE(grp), &ctx_cli.MBEDTLS_PRIVATE(z),
+ &ctx_cli.MBEDTLS_PRIVATE(Qp), &ctx_cli.MBEDTLS_PRIVATE(d),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
@@ -213,7 +213,7 @@
mbedtls_printf( " . Checking if both computed secrets are equal..." );
fflush( stdout );
- ret = mbedtls_mpi_cmp_mpi( &ctx_cli.z, &ctx_srv.z );
+ ret = mbedtls_mpi_cmp_mpi( &ctx_cli.MBEDTLS_PRIVATE(z), &ctx_srv.MBEDTLS_PRIVATE(z) );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdh_compute_shared returned %d\n", ret );
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index 1bbf826..31b4584 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -55,7 +55,7 @@
#define ECPARAMS MBEDTLS_ECP_DP_SECP192R1
#if !defined(ECPARAMS)
-#define ECPARAMS mbedtls_ecp_curve_list()->grp_id
+#define ECPARAMS mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id)
#endif
#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \
@@ -84,7 +84,7 @@
unsigned char buf[300];
size_t len;
- if( mbedtls_ecp_point_write_binary( &key->grp, &key->Q,
+ if( mbedtls_ecp_point_write_binary( &key->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(Q),
MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf ) != 0 )
{
mbedtls_printf("internal error\n");
@@ -156,7 +156,7 @@
goto exit;
}
- mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.grp.pbits );
+ mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.MBEDTLS_PRIVATE(grp).pbits );
dump_pubkey( " + Public key: ", &ctx_sign );
@@ -166,9 +166,9 @@
mbedtls_printf( " . Computing message hash..." );
fflush( stdout );
- if( ( ret = mbedtls_sha256_ret( message, sizeof( message ), hash, 0 ) ) != 0 )
+ if( ( ret = mbedtls_sha256( message, sizeof( message ), hash, 0 ) ) != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_sha256_ret returned %d\n", ret );
+ mbedtls_printf( " failed\n ! mbedtls_sha256 returned %d\n", ret );
goto exit;
}
@@ -204,13 +204,13 @@
mbedtls_printf( " . Preparing verification context..." );
fflush( stdout );
- if( ( ret = mbedtls_ecp_group_copy( &ctx_verify.grp, &ctx_sign.grp ) ) != 0 )
+ if( ( ret = mbedtls_ecp_group_copy( &ctx_verify.MBEDTLS_PRIVATE(grp), &ctx_sign.MBEDTLS_PRIVATE(grp) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_group_copy returned %d\n", ret );
goto exit;
}
- if( ( ret = mbedtls_ecp_copy( &ctx_verify.Q, &ctx_sign.Q ) ) != 0 )
+ if( ( ret = mbedtls_ecp_copy( &ctx_verify.MBEDTLS_PRIVATE(Q), &ctx_sign.MBEDTLS_PRIVATE(Q) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_copy returned %d\n", ret );
goto exit;
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 63cc11e..9415530 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -90,7 +90,7 @@
#endif
#if defined(MBEDTLS_ECP_C)
-#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id
+#define DFL_EC_CURVE mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id)
#else
#define DFL_EC_CURVE 0
#endif
@@ -223,9 +223,9 @@
#if defined(MBEDTLS_ECP_C)
mbedtls_printf( " available ec_curve values:\n" );
curve_info = mbedtls_ecp_curve_list();
- mbedtls_printf( " %s (default)\n", curve_info->name );
- while( ( ++curve_info )->name != NULL )
- mbedtls_printf( " %s\n", curve_info->name );
+ mbedtls_printf( " %s (default)\n", curve_info->MBEDTLS_PRIVATE(name) );
+ while( ( ++curve_info )->MBEDTLS_PRIVATE(name) != NULL )
+ mbedtls_printf( " %s\n", curve_info->MBEDTLS_PRIVATE(name) );
#endif /* MBEDTLS_ECP_C */
goto exit;
}
@@ -274,7 +274,7 @@
{
if( ( curve_info = mbedtls_ecp_curve_info_from_name( q ) ) == NULL )
goto usage;
- opt.ec_curve = curve_info->grp_id;
+ opt.ec_curve = curve_info->MBEDTLS_PRIVATE(grp_id);
}
#endif
else if( strcmp( p, "filename" ) == 0 )
@@ -395,10 +395,10 @@
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
mbedtls_printf( "curve: %s\n",
- mbedtls_ecp_curve_info_from_grp_id( ecp->grp.id )->name );
- mbedtls_mpi_write_file( "X_Q: ", &ecp->Q.X, 16, NULL );
- mbedtls_mpi_write_file( "Y_Q: ", &ecp->Q.Y, 16, NULL );
- mbedtls_mpi_write_file( "D: ", &ecp->d , 16, NULL );
+ mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).id )->MBEDTLS_PRIVATE(name) );
+ mbedtls_mpi_write_file( "X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
+ mbedtls_mpi_write_file( "Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
+ mbedtls_mpi_write_file( "D: ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL );
}
else
#endif
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 7f39e5c..7bd93c7 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -222,10 +222,10 @@
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL ) );
}
else
#endif
@@ -273,9 +273,9 @@
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL ) );
}
else
#endif
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 6a4d0e4..4b65262 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -335,10 +335,10 @@
if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
- mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
- mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
- mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
- mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL );
+ mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
+ mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
+ mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL );
+ mbedtls_mpi_write_file( "D : ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL );
}
else
#endif
@@ -389,9 +389,9 @@
if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
- mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
- mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
- mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
+ mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
+ mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
+ mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL );
}
else
#endif
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index 1ba8c73..bb3649f 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -90,7 +90,7 @@
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
@@ -164,7 +164,7 @@
fclose( f );
- if( i != rsa.len )
+ if( i != rsa.MBEDTLS_PRIVATE(len) )
{
mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
goto exit;
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index 6c654ad..a000505 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -87,7 +87,7 @@
fflush( stdout );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
@@ -160,7 +160,7 @@
goto exit;
}
- for( i = 0; i < rsa.len; i++ )
+ for( i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++ )
mbedtls_fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " );
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
index 26a8925..1dcfc52 100644
--- a/programs/pkey/rsa_genkey.c
+++ b/programs/pkey/rsa_genkey.c
@@ -75,7 +75,7 @@
const char *pers = "rsa_genkey";
mbedtls_ctr_drbg_init( &ctr_drbg );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index 1cfa0a8..d9ba3bb 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -67,7 +67,7 @@
char filename[512];
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
@@ -164,7 +164,7 @@
goto exit;
}
- for( i = 0; i < rsa.len; i++ )
+ for( i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++ )
mbedtls_fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " );
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 9d5053a..26056dd 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -115,7 +115,13 @@
goto exit;
}
- mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
+ if( ( ret = mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ),
+ MBEDTLS_RSA_PKCS_V21,
+ MBEDTLS_MD_SHA256 ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! Padding not supported\n" );
+ goto exit;
+ }
/*
* Compute the SHA-256 hash of the input file,
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 6aca171..fff568a 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -66,7 +66,7 @@
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
if( argc != 2 )
{
@@ -89,15 +89,15 @@
goto exit;
}
- if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
- ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
+ if( ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(N), 16, f ) ) != 0 ||
+ ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(E), 16, f ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f );
goto exit;
}
- rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
+ rsa.MBEDTLS_PRIVATE(len) = ( mbedtls_mpi_bitlen( &rsa.MBEDTLS_PRIVATE(N) ) + 7 ) >> 3;
fclose( f );
@@ -119,7 +119,7 @@
fclose( f );
- if( i != rsa.len )
+ if( i != rsa.MBEDTLS_PRIVATE(len) )
{
mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
goto exit;
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 81b0fd6..527d799 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -98,7 +98,13 @@
goto exit;
}
- mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
+ if( ( ret = mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ),
+ MBEDTLS_RSA_PKCS_V21,
+ MBEDTLS_MD_SHA256 ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! Invalid padding\n" );
+ goto exit;
+ }
/*
* Extract the RSA signature from the file
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index bd2dc12..de47aab 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -229,7 +229,7 @@
mbedtls_ssl_cache_set );
#endif
- mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
+ mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 0a9cc28..42dbeac 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -250,13 +250,13 @@
addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE;
ret = 0;
- if( ( server_fd.fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
+ if( ( server_fd.MBEDTLS_PRIVATE(fd) = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
{
ret = socket_failed;
goto exit;
}
- if( connect( server_fd.fd,
+ if( connect( server_fd.MBEDTLS_PRIVATE(fd),
(const struct sockaddr *) &addr, sizeof( addr ) ) < 0 )
{
ret = connect_failed;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 12b4bdf..98a3048 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -17,6 +17,8 @@
* limitations under the License.
*/
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include "ssl_test_lib.h"
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
@@ -2021,10 +2023,10 @@
mbedtls_printf( " [ Record expansion is unknown ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
- (unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
- mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
- (unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
+ mbedtls_printf( " [ Maximum incoming record payload length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_max_in_record_payload( &ssl ) );
+ mbedtls_printf( " [ Maximum outgoing record payload length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_max_out_record_payload( &ssl ) );
#endif
#if defined(MBEDTLS_SSL_ALPN)
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index ec24fa8..b360991 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -17,6 +17,8 @@
* limitations under the License.
*/
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
@@ -872,7 +874,6 @@
print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS and client", SESSION_CONFIG_CLIENT_TICKET_BIT, session_cfg_flag );
print_if_bit( "MBEDTLS_SSL_DTLS_CONNECTION_ID", CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT, context_cfg_flag );
- print_if_bit( "MBEDTLS_SSL_DTLS_BADMAC_LIMIT", CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT, context_cfg_flag );
print_if_bit( "MBEDTLS_SSL_DTLS_ANTI_REPLAY", CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT, context_cfg_flag );
print_if_bit( "MBEDTLS_SSL_ALPN", CONTEXT_CONFIG_ALPN_BIT, context_cfg_flag );
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index d181c01..5732108 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -193,7 +193,7 @@
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
- mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
+ mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
mbedtls_printf( " failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 428c643..09bbc3d 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -20,6 +20,7 @@
/* Enable definition of gethostname() even when compiling with -std=c99. Must
* be set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */
+
#define _POSIX_C_SOURCE 200112L
#define _XOPEN_SOURCE 600
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 11147b0..42196ff 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -215,7 +215,7 @@
mbedtls_ssl_cache_set );
#endif
- mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
+ mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 2cf2d73..de4eb6d 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -17,6 +17,8 @@
* limitations under the License.
*/
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include "ssl_test_lib.h"
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
@@ -93,7 +95,6 @@
#define DFL_ECJPAKE_PW NULL
#define DFL_PSK_LIST NULL
#define DFL_FORCE_CIPHER 0
-#define DFL_VERSION_SUITES NULL
#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
#define DFL_ALLOW_LEGACY -2
#define DFL_RENEGOTIATE 0
@@ -363,12 +364,8 @@
#define USAGE_ANTI_REPLAY ""
#endif
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
#define USAGE_BADMAC_LIMIT \
" badmac_limit=%%d default: (library default: disabled)\n"
-#else
-#define USAGE_BADMAC_LIMIT ""
-#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#define USAGE_DTLS \
@@ -505,9 +502,6 @@
" force_version=%%s default: \"\" (none)\n" \
" options: tls1_2, dtls1_2\n" \
"\n" \
- " version_suites=a,b,c per-version ciphersuites\n" \
- " in order from tls1 to tls1_2\n" \
- " default: all enabled\n" \
" force_ciphersuite=<name> default: all enabled\n" \
" query_config=<name> return 0 if the specified\n" \
" configuration macro is defined and 1\n" \
@@ -569,7 +563,6 @@
char *psk_list; /* list of PSK id/key pairs for callback */
const char *ecjpake_pw; /* the EC J-PAKE password */
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
- const char *version_suites; /* per-version ciphersuites */
int renegotiation; /* enable / disable renegotiation */
int allow_legacy; /* allow legacy renegotiation */
int renegotiate; /* attempt renegotiation? */
@@ -1257,7 +1250,6 @@
{
int ret = 0, len, written, frags, exchanges_left;
int query_config_ret = 0;
- int version_suites[3][2];
io_ctx_t io_ctx;
unsigned char* buf = 0;
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
@@ -1485,7 +1477,6 @@
opt.psk_list = DFL_PSK_LIST;
opt.ecjpake_pw = DFL_ECJPAKE_PW;
opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
- opt.version_suites = DFL_VERSION_SUITES;
opt.renegotiation = DFL_RENEGOTIATION;
opt.allow_legacy = DFL_ALLOW_LEGACY;
opt.renegotiate = DFL_RENEGOTIATE;
@@ -1673,8 +1664,6 @@
}
else if( strcmp( p, "curves" ) == 0 )
opt.curves = q;
- else if( strcmp( p, "version_suites" ) == 0 )
- opt.version_suites = q;
else if( strcmp( p, "renegotiation" ) == 0 )
{
opt.renegotiation = (atoi( q )) ?
@@ -2040,10 +2029,6 @@
if( opt.min_version < ciphersuite_info->min_minor_ver )
{
opt.min_version = ciphersuite_info->min_minor_ver;
- /* DTLS starts with TLS 1.1 */
- if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
- opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 )
- opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -2071,47 +2056,6 @@
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
- if( opt.version_suites != NULL )
- {
- const char *name[3] = { 0 };
-
- /* Parse 4-element coma-separated list */
- for( i = 0, p = (char *) opt.version_suites;
- i < 3 && *p != '\0';
- i++ )
- {
- name[i] = p;
-
- /* Terminate the current string and move on to next one */
- while( *p != ',' && *p != '\0' )
- p++;
- if( *p == ',' )
- *p++ = '\0';
- }
-
- if( i != 3 )
- {
- mbedtls_printf( "too few values for version_suites\n" );
- ret = 1;
- goto exit;
- }
-
- memset( version_suites, 0, sizeof( version_suites ) );
-
- /* Get the suites identifiers from their name */
- for( i = 0; i < 3; i++ )
- {
- version_suites[i][0] = mbedtls_ssl_get_ciphersuite_id( name[i] );
-
- if( version_suites[i][0] == 0 )
- {
- mbedtls_printf( "unknown ciphersuite: '%s'\n", name[i] );
- ret = 2;
- goto usage;
- }
- }
- }
-
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
if( mbedtls_test_unhexify( cid, sizeof( cid ),
opt.cid_val, &cid_len ) != 0 )
@@ -2685,29 +2629,14 @@
mbedtls_ssl_conf_dtls_anti_replay( &conf, opt.anti_replay );
#endif
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
if( opt.badmac_limit != DFL_BADMAC_LIMIT )
mbedtls_ssl_conf_dtls_badmac_limit( &conf, opt.badmac_limit );
-#endif
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
- if( opt.version_suites != NULL )
- {
- mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[0],
- MBEDTLS_SSL_MAJOR_VERSION_3,
- MBEDTLS_SSL_MINOR_VERSION_1 );
- mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[1],
- MBEDTLS_SSL_MAJOR_VERSION_3,
- MBEDTLS_SSL_MINOR_VERSION_2 );
- mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[2],
- MBEDTLS_SSL_MAJOR_VERSION_3,
- MBEDTLS_SSL_MINOR_VERSION_3 );
- }
-
if( opt.allow_legacy != DFL_ALLOW_LEGACY )
mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -3139,10 +3068,10 @@
mbedtls_printf( " [ Record expansion is unknown ]\n" );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- mbedtls_printf( " [ Maximum input fragment length is %u ]\n",
- (unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) );
- mbedtls_printf( " [ Maximum output fragment length is %u ]\n",
- (unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) );
+ mbedtls_printf( " [ Maximum incoming record payload length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_max_in_record_payload( &ssl ) );
+ mbedtls_printf( " [ Maximum outgoing record payload length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_max_out_record_payload( &ssl ) );
#endif
#if defined(MBEDTLS_SSL_ALPN)
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index 1bb9d61..04e127a 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -20,6 +20,8 @@
* limitations under the License.
*/
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#include "ssl_test_lib.h"
#if defined(MBEDTLS_TEST_HOOKS)
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 3e4ac8b..1c5caa6 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -17,6 +17,8 @@
* limitations under the License.
*/
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
@@ -251,7 +253,11 @@
#if defined(MBEDTLS_ECP_C)
void ecp_clear_precomputed( mbedtls_ecp_group *grp )
{
- if( grp->T != NULL )
+ if( grp->T != NULL
+#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
+ && grp->T_size != 0
+#endif
+ )
{
size_t i;
for( i = 0; i < grp->T_size; i++ )
@@ -401,32 +407,32 @@
#if defined(MBEDTLS_MD4_C)
if( todo.md4 )
- TIME_AND_TSC( "MD4", mbedtls_md4_ret( buf, BUFSIZE, tmp ) );
+ TIME_AND_TSC( "MD4", mbedtls_md4( buf, BUFSIZE, tmp ) );
#endif
#if defined(MBEDTLS_MD5_C)
if( todo.md5 )
- TIME_AND_TSC( "MD5", mbedtls_md5_ret( buf, BUFSIZE, tmp ) );
+ TIME_AND_TSC( "MD5", mbedtls_md5( buf, BUFSIZE, tmp ) );
#endif
#if defined(MBEDTLS_RIPEMD160_C)
if( todo.ripemd160 )
- TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160_ret( buf, BUFSIZE, tmp ) );
+ TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160( buf, BUFSIZE, tmp ) );
#endif
#if defined(MBEDTLS_SHA1_C)
if( todo.sha1 )
- TIME_AND_TSC( "SHA-1", mbedtls_sha1_ret( buf, BUFSIZE, tmp ) );
+ TIME_AND_TSC( "SHA-1", mbedtls_sha1( buf, BUFSIZE, tmp ) );
#endif
#if defined(MBEDTLS_SHA256_C)
if( todo.sha256 )
- TIME_AND_TSC( "SHA-256", mbedtls_sha256_ret( buf, BUFSIZE, tmp, 0 ) );
+ TIME_AND_TSC( "SHA-256", mbedtls_sha256( buf, BUFSIZE, tmp, 0 ) );
#endif
#if defined(MBEDTLS_SHA512_C)
if( todo.sha512 )
- TIME_AND_TSC( "SHA-512", mbedtls_sha512_ret( buf, BUFSIZE, tmp, 0 ) );
+ TIME_AND_TSC( "SHA-512", mbedtls_sha512( buf, BUFSIZE, tmp, 0 ) );
#endif
#if defined(MBEDTLS_ARC4_C)
@@ -782,7 +788,7 @@
{
mbedtls_snprintf( title, sizeof( title ), "RSA-%d", keysize );
- mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &rsa );
mbedtls_rsa_gen_key( &rsa, myrand, NULL, keysize, 65537 );
TIME_PUBLIC( title, " public",
@@ -821,6 +827,7 @@
mbedtls_dhm_context dhm;
size_t olen;
+ size_t n;
for( i = 0; (size_t) i < sizeof( dhm_sizes ) / sizeof( dhm_sizes[0] ); i++ )
{
mbedtls_dhm_init( &dhm );
@@ -833,14 +840,14 @@
mbedtls_exit( 1 );
}
- dhm.len = mbedtls_mpi_size( &dhm.P );
- mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len, myrand, NULL );
+ n = mbedtls_mpi_size( &dhm.P );
+ mbedtls_dhm_make_public( &dhm, (int) n, buf, n, myrand, NULL );
if( mbedtls_mpi_copy( &dhm.GY, &dhm.GX ) != 0 )
mbedtls_exit( 1 );
mbedtls_snprintf( title, sizeof( title ), "DHE-%d", dhm_sizes[i] );
TIME_PUBLIC( title, "handshake",
- ret |= mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len,
+ ret |= mbedtls_dhm_make_public( &dhm, (int) n, buf, n,
myrand, NULL );
ret |= mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &olen, myrand, NULL ) );
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index e160feb..a3e306c 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -17,6 +17,8 @@
* limitations under the License.
*/
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index afe0118..91c231f 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -23,6 +23,8 @@
* example of good general usage.
*/
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index fb24843..2adef39 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -335,7 +335,7 @@
mbedtls_printf( "%s\n", buf );
- cur = cur->next;
+ cur = cur->MBEDTLS_PRIVATE(next);
}
/*
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 18174d8..ff7cf98 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -518,7 +518,7 @@
}
ret = mbedtls_x509_dn_gets( issuer_name, sizeof(issuer_name),
- &issuer_crt.subject );
+ &issuer_crt.MBEDTLS_PRIVATE(subject) );
if( ret < 0 )
{
mbedtls_strerror( ret, buf, 1024 );
@@ -552,7 +552,7 @@
}
ret = mbedtls_x509_dn_gets( subject_name, sizeof(subject_name),
- &csr.subject );
+ &csr.MBEDTLS_PRIVATE(subject) );
if( ret < 0 )
{
mbedtls_strerror( ret, buf, 1024 );
@@ -562,7 +562,7 @@
}
opt.subject_name = subject_name;
- subject_key = &csr.pk;
+ subject_key = &csr.MBEDTLS_PRIVATE(pk);
mbedtls_printf( " ok\n" );
}
@@ -606,7 +606,7 @@
//
if( strlen( opt.issuer_crt ) )
{
- if( mbedtls_pk_check_pair( &issuer_crt.pk, issuer_key ) != 0 )
+ if( mbedtls_pk_check_pair( &issuer_crt.MBEDTLS_PRIVATE(pk), issuer_key ) != 0 )
{
mbedtls_printf( " failed\n ! issuer_key does not match "
"issuer certificate\n\n" );
diff --git a/scripts/config.py b/scripts/config.py
index 1b8c3db..e27f322 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -147,6 +147,15 @@
setting.active = adapter(setting.name, setting.active,
setting.section)
+ def change_matching(self, regexs, enable):
+ """Change all symbols matching one of the regexs to the desired state."""
+ if not regexs:
+ return
+ regex = re.compile('|'.join(regexs))
+ for setting in self.settings.values():
+ if regex.search(setting.name):
+ setting.active = enable
+
def is_full_section(section):
"""Is this section affected by "config.py full" and friends?"""
return section.endswith('support') or section.endswith('modules')
@@ -189,11 +198,9 @@
'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # incompatible with USE_PSA_CRYPTO
'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions)
- 'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature
'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan)
'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers)
- 'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # influences the use of X.509 in TLS
'MBEDTLS_X509_REMOVE_INFO', # removes a feature
])
@@ -456,11 +463,21 @@
parser_set.add_argument('symbol', metavar='SYMBOL')
parser_set.add_argument('value', metavar='VALUE', nargs='?',
default='')
+ parser_set_all = subparsers.add_parser('set-all',
+ help="""Uncomment all #define
+ whose name contains a match for
+ REGEX.""")
+ parser_set_all.add_argument('regexs', metavar='REGEX', nargs='*')
parser_unset = subparsers.add_parser('unset',
help="""Comment out the #define
for SYMBOL. Do nothing if none
is present.""")
parser_unset.add_argument('symbol', metavar='SYMBOL')
+ parser_unset_all = subparsers.add_parser('unset-all',
+ help="""Comment out all #define
+ whose name contains a match for
+ REGEX.""")
+ parser_unset_all.add_argument('regexs', metavar='REGEX', nargs='*')
def add_adapter(name, function, description):
subparser = subparsers.add_parser(name, help=description)
@@ -507,8 +524,12 @@
.format(args.symbol, config.filename))
return 1
config.set(args.symbol, value=args.value)
+ elif args.command == 'set-all':
+ config.change_matching(args.regexs, True)
elif args.command == 'unset':
config.unset(args.symbol)
+ elif args.command == 'unset-all':
+ config.change_matching(args.regexs, False)
else:
config.adapt(args.adapter)
config.write(args.write)
diff --git a/scripts/ecp_comb_table.py b/scripts/ecp_comb_table.py
new file mode 100755
index 0000000..bc11431
--- /dev/null
+++ b/scripts/ecp_comb_table.py
@@ -0,0 +1,249 @@
+#!/usr/bin/env python3
+"""
+Purpose
+
+This script dumps comb table of ec curve. When you add a new ec curve, you
+can use this script to generate codes to define `<curve>_T` in ecp_curves.c
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+import subprocess
+import sys
+import tempfile
+
+HOW_TO_ADD_NEW_CURVE = """
+If you are trying to add new curve, you can follow these steps:
+
+1. Define curve parameters (<curve>_p, <curve>_gx, etc...) in ecp_curves.c.
+2. Add a macro to define <curve>_T to NULL following these parameters.
+3. Build mbedcrypto
+4. Run this script with an argument of new curve
+5. Copy the output of this script into ecp_curves.c and replace the macro added
+ in Step 2
+6. Rebuild and test if everything is ok
+
+Replace the <curve> in the above with the name of the curve you want to add."""
+
+CC = os.getenv('CC', 'cc')
+MBEDTLS_LIBRARY_PATH = os.getenv('MBEDTLS_LIBRARY_PATH', "library")
+
+SRC_DUMP_COMB_TABLE = r'''
+#include <stdio.h>
+#include <stdlib.h>
+#include "mbedtls/ecp.h"
+#include "mbedtls/error.h"
+
+static void dump_mpi_initialize( const char *name, const mbedtls_mpi *d )
+{
+ uint8_t buf[128] = {0};
+ size_t olen;
+ uint8_t *p;
+
+ olen = mbedtls_mpi_size( d );
+ mbedtls_mpi_write_binary_le( d, buf, olen );
+ printf("static const mbedtls_mpi_uint %s[] = {\n", name);
+ for (p = buf; p < buf + olen; p += 8) {
+ printf( " BYTES_TO_T_UINT_8( 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X, 0x%02X ),\n",
+ p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7] );
+ }
+ printf("};\n");
+}
+
+static void dump_T( const mbedtls_ecp_group *grp )
+{
+ char name[128];
+
+ printf( "#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1\n" );
+
+ for (size_t i = 0; i < grp->T_size; ++i) {
+ snprintf( name, sizeof(name), "%s_T_%zu_X", CURVE_NAME, i );
+ dump_mpi_initialize( name, &grp->T[i].X );
+
+ snprintf( name, sizeof(name), "%s_T_%zu_Y", CURVE_NAME, i );
+ dump_mpi_initialize( name, &grp->T[i].Y );
+ }
+ printf( "static const mbedtls_ecp_point %s_T[%zu] = {\n", CURVE_NAME, grp->T_size );
+ size_t olen;
+ for (size_t i = 0; i < grp->T_size; ++i) {
+ int z;
+ if ( mbedtls_mpi_cmp_int(&grp->T[i].Z, 0) == 0 ) {
+ z = 0;
+ } else if ( mbedtls_mpi_cmp_int(&grp->T[i].Z, 1) == 0 ) {
+ z = 1;
+ } else {
+ fprintf( stderr, "Unexpected value of Z (i = %d)\n", (int)i );
+ exit( 1 );
+ }
+ printf( " ECP_POINT_INIT_XY_Z%d(%s_T_%zu_X, %s_T_%zu_Y),\n",
+ z,
+ CURVE_NAME, i,
+ CURVE_NAME, i
+ );
+ }
+ printf("};\n#endif\n\n");
+}
+
+int main()
+{
+ int rc;
+ mbedtls_mpi m;
+ mbedtls_ecp_point R;
+ mbedtls_ecp_group grp;
+
+ mbedtls_ecp_group_init( &grp );
+ rc = mbedtls_ecp_group_load( &grp, CURVE_ID );
+ if (rc != 0) {
+ char buf[100];
+ mbedtls_strerror( rc, buf, sizeof(buf) );
+ fprintf( stderr, "mbedtls_ecp_group_load: %s (-0x%x)\n", buf, -rc );
+ return 1;
+ }
+ grp.T = NULL;
+ mbedtls_ecp_point_init( &R );
+ mbedtls_mpi_init( &m);
+ mbedtls_mpi_lset( &m, 1 );
+ rc = mbedtls_ecp_mul( &grp, &R, &m, &grp.G, NULL, NULL );
+ if ( rc != 0 ) {
+ char buf[100];
+ mbedtls_strerror( rc, buf, sizeof(buf) );
+ fprintf( stderr, "mbedtls_ecp_mul: %s (-0x%x)\n", buf, -rc );
+ return 1;
+ }
+ if ( grp.T == NULL ) {
+ fprintf( stderr, "grp.T is not generated. Please make sure"
+ "MBEDTLS_ECP_FIXED_POINT_OPTIM is enabled in config.h\n" );
+ return 1;
+ }
+ dump_T( &grp );
+ return 0;
+}
+'''
+
+SRC_DUMP_KNOWN_CURVE = r'''
+#include <stdio.h>
+#include <stdlib.h>
+#include "mbedtls/ecp.h"
+
+int main() {
+ const mbedtls_ecp_curve_info *info = mbedtls_ecp_curve_list();
+ mbedtls_ecp_group grp;
+
+ mbedtls_ecp_group_init( &grp );
+ while ( info->name != NULL ) {
+ mbedtls_ecp_group_load( &grp, info->grp_id );
+ if ( mbedtls_ecp_get_type(&grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) {
+ printf( " %s", info->name );
+ }
+ info++;
+ }
+ printf( "\n" );
+ return 0;
+}
+'''
+
+
+def join_src_path(*args):
+ return os.path.normpath(os.path.join(os.path.dirname(__file__), "..", *args))
+
+
+def run_c_source(src, cflags):
+ """
+ Compile and run C source code
+ :param src: the c language code to run
+ :param cflags: additional cflags passing to compiler
+ :return:
+ """
+ binname = tempfile.mktemp(prefix="mbedtls")
+ fd, srcname = tempfile.mkstemp(prefix="mbedtls", suffix=".c")
+ srcfile = os.fdopen(fd, mode="w")
+ srcfile.write(src)
+ srcfile.close()
+ args = [CC,
+ *cflags,
+ '-I' + join_src_path("include"),
+ "-o", binname,
+ '-L' + MBEDTLS_LIBRARY_PATH,
+ srcname,
+ '-lmbedcrypto']
+
+ p = subprocess.run(args=args, check=False)
+ if p.returncode != 0:
+ return False
+ p = subprocess.run(args=[binname], check=False, env={
+ 'LD_LIBRARY_PATH': MBEDTLS_LIBRARY_PATH
+ })
+ if p.returncode != 0:
+ return False
+ os.unlink(srcname)
+ os.unlink(binname)
+ return True
+
+
+def compute_curve(curve):
+ """compute comb table for curve"""
+ r = run_c_source(
+ SRC_DUMP_COMB_TABLE,
+ [
+ '-g',
+ '-DCURVE_ID=MBEDTLS_ECP_DP_%s' % curve.upper(),
+ '-DCURVE_NAME="%s"' % curve.lower(),
+ ])
+ if not r:
+ print("""\
+Unable to compile and run utility.""", file=sys.stderr)
+ sys.exit(1)
+
+
+def usage():
+ print("""
+Usage: python %s <curve>...
+
+Arguments:
+ curve Specify one or more curve names (e.g secp256r1)
+
+All possible curves: """ % sys.argv[0])
+ run_c_source(SRC_DUMP_KNOWN_CURVE, [])
+ print("""
+Environment Variable:
+ CC Specify which c compile to use to compile utility.
+ MBEDTLS_LIBRARY_PATH
+ Specify the path to mbedcrypto library. (e.g. build/library/)
+
+How to add a new curve: %s""" % HOW_TO_ADD_NEW_CURVE)
+
+
+def run_main():
+ shared_lib_path = os.path.normpath(os.path.join(MBEDTLS_LIBRARY_PATH, "libmbedcrypto.so"))
+ static_lib_path = os.path.normpath(os.path.join(MBEDTLS_LIBRARY_PATH, "libmbedcrypto.a"))
+ if not os.path.exists(shared_lib_path) and not os.path.exists(static_lib_path):
+ print("Warning: both '%s' and '%s' are not exists. This script will use "
+ "the library from your system instead of the library compiled by "
+ "this source directory.\n"
+ "You can specify library path using environment variable "
+ "'MBEDTLS_LIBRARY_PATH'." % (shared_lib_path, static_lib_path),
+ file=sys.stderr)
+
+ if len(sys.argv) <= 1:
+ usage()
+ else:
+ for curve in sys.argv[1:]:
+ compute_curve(curve)
+
+
+if __name__ == '__main__':
+ run_main()
diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl
index 8c8c188..7276049 100755
--- a/scripts/generate_query_config.pl
+++ b/scripts/generate_query_config.pl
@@ -50,7 +50,6 @@
# throw errors.
my @excluded = qw(
MBEDTLS_SSL_CIPHERSUITES
-MBEDTLS_PARAM_FAILED
);
my $excluded_re = join '|', @excluded;
diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py
index aa52790..94a97e7 100644
--- a/scripts/mbedtls_dev/crypto_knowledge.py
+++ b/scripts/mbedtls_dev/crypto_knowledge.py
@@ -33,7 +33,7 @@
`name` is a string 'PSA_KEY_TYPE_xxx' which is the name of a PSA key
type macro. For key types that take arguments, the arguments can
be passed either through the optional argument `params` or by
- passing an expression of the form 'PSA_KEY_TYPE_xxx(param1, param2)'
+ passing an expression of the form 'PSA_KEY_TYPE_xxx(param1, ...)'
in `name` as a string.
"""
@@ -48,7 +48,7 @@
m = re.match(r'(\w+)\s*\((.*)\)\Z', self.name)
assert m is not None
self.name = m.group(1)
- params = ','.split(m.group(2))
+ params = m.group(2).split(',')
self.params = (None if params is None else
[param.strip() for param in params])
"""The parameters of the key type, if there are any.
diff --git a/scripts/mbedtls_dev/macro_collector.py b/scripts/mbedtls_dev/macro_collector.py
index a2192ba..395e038 100644
--- a/scripts/mbedtls_dev/macro_collector.py
+++ b/scripts/mbedtls_dev/macro_collector.py
@@ -18,7 +18,55 @@
import itertools
import re
-from typing import Dict, Iterable, Iterator, List, Set
+from typing import Dict, Iterable, Iterator, List, Optional, Pattern, Set, Tuple, Union
+
+
+class ReadFileLineException(Exception):
+ def __init__(self, filename: str, line_number: Union[int, str]) -> None:
+ message = 'in {} at {}'.format(filename, line_number)
+ super(ReadFileLineException, self).__init__(message)
+ self.filename = filename
+ self.line_number = line_number
+
+
+class read_file_lines:
+ # Dear Pylint, conventionally, a context manager class name is lowercase.
+ # pylint: disable=invalid-name,too-few-public-methods
+ """Context manager to read a text file line by line.
+
+ ```
+ with read_file_lines(filename) as lines:
+ for line in lines:
+ process(line)
+ ```
+ is equivalent to
+ ```
+ with open(filename, 'r') as input_file:
+ for line in input_file:
+ process(line)
+ ```
+ except that if process(line) raises an exception, then the read_file_lines
+ snippet annotates the exception with the file name and line number.
+ """
+ def __init__(self, filename: str, binary: bool = False) -> None:
+ self.filename = filename
+ self.line_number = 'entry' #type: Union[int, str]
+ self.generator = None #type: Optional[Iterable[Tuple[int, str]]]
+ self.binary = binary
+ def __enter__(self) -> 'read_file_lines':
+ self.generator = enumerate(open(self.filename,
+ 'rb' if self.binary else 'r'))
+ return self
+ def __iter__(self) -> Iterator[str]:
+ assert self.generator is not None
+ for line_number, content in self.generator:
+ self.line_number = line_number
+ yield content
+ self.line_number = 'exit'
+ def __exit__(self, exc_type, exc_value, exc_traceback) -> None:
+ if exc_type is not None:
+ raise ReadFileLineException(self.filename, self.line_number) \
+ from exc_value
class PSAMacroEnumerator:
@@ -47,6 +95,7 @@
self.mac_algorithms = set() #type: Set[str]
self.ka_algorithms = set() #type: Set[str]
self.kdf_algorithms = set() #type: Set[str]
+ self.pake_algorithms = set() #type: Set[str]
self.aead_algorithms = set() #type: Set[str]
# macro name -> list of argument names
self.argspecs = {} #type: Dict[str, List[str]]
@@ -57,6 +106,20 @@
'tag_length': [],
'min_tag_length': [],
} #type: Dict[str, List[str]]
+ # Whether to include intermediate macros in enumerations. Intermediate
+ # macros serve as category headers and are not valid values of their
+ # type. See `is_internal_name`.
+ # Always false in this class, may be set to true in derived classes.
+ self.include_intermediate = False
+
+ def is_internal_name(self, name: str) -> bool:
+ """Whether this is an internal macro. Internal macros will be skipped."""
+ if not self.include_intermediate:
+ if name.endswith('_BASE') or name.endswith('_NONE'):
+ return True
+ if '_CATEGORY_' in name:
+ return True
+ return name.endswith('_FLAG') or name.endswith('_MASK')
def gather_arguments(self) -> None:
"""Populate the list of values for macro arguments.
@@ -73,7 +136,11 @@
@staticmethod
def _format_arguments(name: str, arguments: Iterable[str]) -> str:
- """Format a macro call with arguments.."""
+ """Format a macro call with arguments.
+
+ The resulting format is consistent with
+ `InputsForTest.normalize_argument`.
+ """
return name + '(' + ', '.join(arguments) + ')'
_argument_split_re = re.compile(r' *, *')
@@ -111,6 +178,15 @@
except BaseException as e:
raise Exception('distribute_arguments({})'.format(name)) from e
+ def distribute_arguments_without_duplicates(
+ self, seen: Set[str], name: str
+ ) -> Iterator[str]:
+ """Same as `distribute_arguments`, but don't repeat seen results."""
+ for result in self.distribute_arguments(name):
+ if result not in seen:
+ seen.add(result)
+ yield result
+
def generate_expressions(self, names: Iterable[str]) -> Iterator[str]:
"""Generate expressions covering values constructed from the given names.
@@ -123,7 +199,11 @@
* ``macros.generate_expressions(macros.key_types)`` generates all
key types.
"""
- return itertools.chain(*map(self.distribute_arguments, names))
+ seen = set() #type: Set[str]
+ return itertools.chain(*(
+ self.distribute_arguments_without_duplicates(seen, name)
+ for name in names
+ ))
class PSAMacroCollector(PSAMacroEnumerator):
@@ -144,15 +224,6 @@
self.key_types_from_group = {} #type: Dict[str, str]
self.algorithms_from_hash = {} #type: Dict[str, str]
- def is_internal_name(self, name: str) -> bool:
- """Whether this is an internal macro. Internal macros will be skipped."""
- if not self.include_intermediate:
- if name.endswith('_BASE') or name.endswith('_NONE'):
- return True
- if '_CATEGORY_' in name:
- return True
- return name.endswith('_FLAG') or name.endswith('_MASK')
-
def record_algorithm_subtype(self, name: str, expansion: str) -> None:
"""Record the subtype of an algorithm constructor.
@@ -251,3 +322,181 @@
m = re.search(self._continued_line_re, line)
line = re.sub(self._nonascii_re, rb'', line).decode('ascii')
self.read_line(line)
+
+
+class InputsForTest(PSAMacroEnumerator):
+ # pylint: disable=too-many-instance-attributes
+ """Accumulate information about macros to test.
+enumerate
+ This includes macro names as well as information about their arguments
+ when applicable.
+ """
+
+ def __init__(self) -> None:
+ super().__init__()
+ self.all_declared = set() #type: Set[str]
+ # Identifier prefixes
+ self.table_by_prefix = {
+ 'ERROR': self.statuses,
+ 'ALG': self.algorithms,
+ 'ECC_CURVE': self.ecc_curves,
+ 'DH_GROUP': self.dh_groups,
+ 'KEY_TYPE': self.key_types,
+ 'KEY_USAGE': self.key_usage_flags,
+ } #type: Dict[str, Set[str]]
+ # Test functions
+ self.table_by_test_function = {
+ # Any function ending in _algorithm also gets added to
+ # self.algorithms.
+ 'key_type': [self.key_types],
+ 'block_cipher_key_type': [self.key_types],
+ 'stream_cipher_key_type': [self.key_types],
+ 'ecc_key_family': [self.ecc_curves],
+ 'ecc_key_types': [self.ecc_curves],
+ 'dh_key_family': [self.dh_groups],
+ 'dh_key_types': [self.dh_groups],
+ 'hash_algorithm': [self.hash_algorithms],
+ 'mac_algorithm': [self.mac_algorithms],
+ 'cipher_algorithm': [],
+ 'hmac_algorithm': [self.mac_algorithms],
+ 'aead_algorithm': [self.aead_algorithms],
+ 'key_derivation_algorithm': [self.kdf_algorithms],
+ 'key_agreement_algorithm': [self.ka_algorithms],
+ 'asymmetric_signature_algorithm': [],
+ 'asymmetric_signature_wildcard': [self.algorithms],
+ 'asymmetric_encryption_algorithm': [],
+ 'pake_algorithm': [self.pake_algorithms],
+ 'other_algorithm': [],
+ } #type: Dict[str, List[Set[str]]]
+ self.arguments_for['mac_length'] += ['1', '63']
+ self.arguments_for['min_mac_length'] += ['1', '63']
+ self.arguments_for['tag_length'] += ['1', '63']
+ self.arguments_for['min_tag_length'] += ['1', '63']
+
+ def add_numerical_values(self) -> None:
+ """Add numerical values that are not supported to the known identifiers."""
+ # Sets of names per type
+ self.algorithms.add('0xffffffff')
+ self.ecc_curves.add('0xff')
+ self.dh_groups.add('0xff')
+ self.key_types.add('0xffff')
+ self.key_usage_flags.add('0x80000000')
+
+ # Hard-coded values for unknown algorithms
+ #
+ # These have to have values that are correct for their respective
+ # PSA_ALG_IS_xxx macros, but are also not currently assigned and are
+ # not likely to be assigned in the near future.
+ self.hash_algorithms.add('0x020000fe') # 0x020000ff is PSA_ALG_ANY_HASH
+ self.mac_algorithms.add('0x03007fff')
+ self.ka_algorithms.add('0x09fc0000')
+ self.kdf_algorithms.add('0x080000ff')
+ self.pake_algorithms.add('0x0a0000ff')
+ # For AEAD algorithms, the only variability is over the tag length,
+ # and this only applies to known algorithms, so don't test an
+ # unknown algorithm.
+
+ def get_names(self, type_word: str) -> Set[str]:
+ """Return the set of known names of values of the given type."""
+ return {
+ 'status': self.statuses,
+ 'algorithm': self.algorithms,
+ 'ecc_curve': self.ecc_curves,
+ 'dh_group': self.dh_groups,
+ 'key_type': self.key_types,
+ 'key_usage': self.key_usage_flags,
+ }[type_word]
+
+ # Regex for interesting header lines.
+ # Groups: 1=macro name, 2=type, 3=argument list (optional).
+ _header_line_re = \
+ re.compile(r'#define +' +
+ r'(PSA_((?:(?:DH|ECC|KEY)_)?[A-Z]+)_\w+)' +
+ r'(?:\(([^\n()]*)\))?')
+ # Regex of macro names to exclude.
+ _excluded_name_re = re.compile(r'_(?:GET|IS|OF)_|_(?:BASE|FLAG|MASK)\Z')
+ # Additional excluded macros.
+ _excluded_names = set([
+ # Macros that provide an alternative way to build the same
+ # algorithm as another macro.
+ 'PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG',
+ 'PSA_ALG_FULL_LENGTH_MAC',
+ # Auxiliary macro whose name doesn't fit the usual patterns for
+ # auxiliary macros.
+ 'PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE',
+ ])
+ def parse_header_line(self, line: str) -> None:
+ """Parse a C header line, looking for "#define PSA_xxx"."""
+ m = re.match(self._header_line_re, line)
+ if not m:
+ return
+ name = m.group(1)
+ self.all_declared.add(name)
+ if re.search(self._excluded_name_re, name) or \
+ name in self._excluded_names or \
+ self.is_internal_name(name):
+ return
+ dest = self.table_by_prefix.get(m.group(2))
+ if dest is None:
+ return
+ dest.add(name)
+ if m.group(3):
+ self.argspecs[name] = self._argument_split(m.group(3))
+
+ _nonascii_re = re.compile(rb'[^\x00-\x7f]+') #type: Pattern
+ def parse_header(self, filename: str) -> None:
+ """Parse a C header file, looking for "#define PSA_xxx"."""
+ with read_file_lines(filename, binary=True) as lines:
+ for line in lines:
+ line = re.sub(self._nonascii_re, rb'', line).decode('ascii')
+ self.parse_header_line(line)
+
+ _macro_identifier_re = re.compile(r'[A-Z]\w+')
+ def generate_undeclared_names(self, expr: str) -> Iterable[str]:
+ for name in re.findall(self._macro_identifier_re, expr):
+ if name not in self.all_declared:
+ yield name
+
+ def accept_test_case_line(self, function: str, argument: str) -> bool:
+ #pylint: disable=unused-argument
+ undeclared = list(self.generate_undeclared_names(argument))
+ if undeclared:
+ raise Exception('Undeclared names in test case', undeclared)
+ return True
+
+ @staticmethod
+ def normalize_argument(argument: str) -> str:
+ """Normalize whitespace in the given C expression.
+
+ The result uses the same whitespace as
+ ` PSAMacroEnumerator.distribute_arguments`.
+ """
+ return re.sub(r',', r', ', re.sub(r' +', r'', argument))
+
+ def add_test_case_line(self, function: str, argument: str) -> None:
+ """Parse a test case data line, looking for algorithm metadata tests."""
+ sets = []
+ if function.endswith('_algorithm'):
+ sets.append(self.algorithms)
+ if function == 'key_agreement_algorithm' and \
+ argument.startswith('PSA_ALG_KEY_AGREEMENT('):
+ # We only want *raw* key agreement algorithms as such, so
+ # exclude ones that are already chained with a KDF.
+ # Keep the expression as one to test as an algorithm.
+ function = 'other_algorithm'
+ sets += self.table_by_test_function[function]
+ if self.accept_test_case_line(function, argument):
+ for s in sets:
+ s.add(self.normalize_argument(argument))
+
+ # Regex matching a *.data line containing a test function call and
+ # its arguments. The actual definition is partly positional, but this
+ # regex is good enough in practice.
+ _test_case_line_re = re.compile(r'(?!depends_on:)(\w+):([^\n :][^:\n]*)')
+ def parse_test_cases(self, filename: str) -> None:
+ """Parse a test case file (*.data), looking for algorithm metadata tests."""
+ with read_file_lines(filename) as lines:
+ for line in lines:
+ m = re.match(self._test_case_line_re, line)
+ if m:
+ self.add_test_case_line(m.group(1), m.group(2))
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index a9c9cf3..7898004 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -151,6 +151,8 @@
add_test_suite(psa_crypto_se_driver_hal_mocks)
add_test_suite(psa_crypto_slot_management)
add_test_suite(psa_crypto_storage_format psa_crypto_storage_format.misc)
+add_test_suite(psa_crypto_storage_format psa_crypto_storage_format.current)
+add_test_suite(psa_crypto_storage_format psa_crypto_storage_format.v0)
add_test_suite(psa_its)
add_test_suite(random)
add_test_suite(rsa)
diff --git a/tests/context-info.sh b/tests/context-info.sh
index 3465298..e02d330 100755
--- a/tests/context-info.sh
+++ b/tests/context-info.sh
@@ -214,7 +214,6 @@
-u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
-u "MBEDTLS_SSL_SESSION_TICKETS$" \
-u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
- -u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
-u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
-u "MBEDTLS_SSL_ALPN$" \
-u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
@@ -238,7 +237,6 @@
-u "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
-u "MBEDTLS_SSL_SESSION_TICKETS$" \
-u "MBEDTLS_SSL_SESSION_TICKETS and client$" \
- -u "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
-u "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
-u "MBEDTLS_SSL_ALPN$" \
-u "ciphersuite.* TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256$" \
@@ -345,7 +343,6 @@
-n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
-n "MBEDTLS_SSL_SESSION_TICKETS$" \
-n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
- -n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
-n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
-n "MBEDTLS_SSL_ALPN$" \
@@ -357,7 +354,6 @@
-n "MBEDTLS_SSL_ENCRYPT_THEN_MAC$" \
-n "MBEDTLS_SSL_SESSION_TICKETS$" \
-n "MBEDTLS_SSL_SESSION_TICKETS and client$" \
- -n "MBEDTLS_SSL_DTLS_BADMAC_LIMIT$" \
-n "MBEDTLS_SSL_DTLS_ANTI_REPLAY$" \
-n "MBEDTLS_SSL_ALPN$" \
diff --git a/tests/include/alt-dummy/aes_alt.h b/tests/include/alt-dummy/aes_alt.h
new file mode 100644
index 0000000..f226188
--- /dev/null
+++ b/tests/include/alt-dummy/aes_alt.h
@@ -0,0 +1,37 @@
+/* aes_alt.h with dummy types for MBEDTLS_AES_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef AES_ALT_H
+#define AES_ALT_H
+
+typedef struct mbedtls_aes_context
+{
+ int dummy;
+}
+mbedtls_aes_context;
+
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+
+typedef struct mbedtls_aes_xts_context
+{
+ int dummy;
+} mbedtls_aes_xts_context;
+#endif
+
+
+#endif /* aes_alt.h */
diff --git a/tests/include/alt-dummy/arc4_alt.h b/tests/include/alt-dummy/arc4_alt.h
new file mode 100644
index 0000000..b8c2e86
--- /dev/null
+++ b/tests/include/alt-dummy/arc4_alt.h
@@ -0,0 +1,30 @@
+/* arc4_alt.h with dummy types for MBEDTLS_ARC4_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifndef ARC4_ALT_H
+#define ARC4_ALT_H
+
+typedef struct mbedtls_arc4_context
+{
+ int dummy;
+}
+mbedtls_arc4_context;
+
+
+#endif /* arc4_alt.h */
diff --git a/tests/include/alt-dummy/aria_alt.h b/tests/include/alt-dummy/aria_alt.h
new file mode 100644
index 0000000..5f2335b
--- /dev/null
+++ b/tests/include/alt-dummy/aria_alt.h
@@ -0,0 +1,29 @@
+/* aria_alt.h with dummy types for MBEDTLS_ARIA_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ARIA_ALT_H
+#define ARIA_ALT_H
+
+typedef struct mbedtls_aria_context
+{
+ int dummy;
+}
+mbedtls_aria_context;
+
+
+#endif /* aria_alt.h */
diff --git a/tests/include/alt-dummy/blowfish_alt.h b/tests/include/alt-dummy/blowfish_alt.h
new file mode 100644
index 0000000..5a4f739
--- /dev/null
+++ b/tests/include/alt-dummy/blowfish_alt.h
@@ -0,0 +1,29 @@
+/* blowfish_alt.h with dummy types for MBEDTLS_BLOWFISH_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef BLOWFISH_ALT_H
+#define BLOWFISH_ALT_H
+
+typedef struct mbedtls_blowfish_context
+{
+ int dummy;
+}
+mbedtls_blowfish_context;
+
+
+#endif /* blowfish_alt.h */
diff --git a/tests/include/alt-dummy/camellia_alt.h b/tests/include/alt-dummy/camellia_alt.h
new file mode 100644
index 0000000..c23d1b4
--- /dev/null
+++ b/tests/include/alt-dummy/camellia_alt.h
@@ -0,0 +1,29 @@
+/* camellia_alt.h with dummy types for MBEDTLS_CAMELLIA_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CAMELLIA_ALT_H
+#define CAMELLIA_ALT_H
+
+typedef struct mbedtls_camellia_context
+{
+ int dummy;
+}
+mbedtls_camellia_context;
+
+
+#endif /* camellia_alt.h */
diff --git a/tests/include/alt-dummy/ccm_alt.h b/tests/include/alt-dummy/ccm_alt.h
new file mode 100644
index 0000000..dcb834e
--- /dev/null
+++ b/tests/include/alt-dummy/ccm_alt.h
@@ -0,0 +1,29 @@
+/* ccm_alt.h with dummy types for MBEDTLS_CCM_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CCM_ALT_H
+#define CCM_ALT_H
+
+typedef struct mbedtls_ccm_context
+{
+ int dummy;
+}
+mbedtls_ccm_context;
+
+
+#endif /* ccm_alt.h */
diff --git a/tests/include/alt-dummy/chacha20_alt.h b/tests/include/alt-dummy/chacha20_alt.h
new file mode 100644
index 0000000..7a5a25c
--- /dev/null
+++ b/tests/include/alt-dummy/chacha20_alt.h
@@ -0,0 +1,29 @@
+/* chacha20_alt.h with dummy types for MBEDTLS_CHACHA20_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CHACHA20_ALT_H
+#define CHACHA20_ALT_H
+
+typedef struct mbedtls_chacha20_context
+{
+ int dummy;
+}
+mbedtls_chacha20_context;
+
+
+#endif /* chacha20_alt.h */
diff --git a/tests/include/alt-dummy/chachapoly_alt.h b/tests/include/alt-dummy/chachapoly_alt.h
new file mode 100644
index 0000000..448517d
--- /dev/null
+++ b/tests/include/alt-dummy/chachapoly_alt.h
@@ -0,0 +1,31 @@
+/* chachapoly_alt.h with dummy types for MBEDTLS_CHACHAPOLY_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CHACHAPOLY_ALT_H
+#define CHACHAPOLY_ALT_H
+
+#include "mbedtls/chacha20.h"
+
+typedef struct mbedtls_chachapoly_context
+{
+ int dummy;
+}
+mbedtls_chachapoly_context;
+
+
+#endif /* chachapoly_alt.h */
diff --git a/tests/include/alt-dummy/cmac_alt.h b/tests/include/alt-dummy/cmac_alt.h
new file mode 100644
index 0000000..4c9feee
--- /dev/null
+++ b/tests/include/alt-dummy/cmac_alt.h
@@ -0,0 +1,28 @@
+/* cmac_alt.h with dummy types for MBEDTLS_CMAC_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CMAC_ALT_H
+#define CMAC_ALT_H
+
+struct mbedtls_cmac_context_t
+{
+ int dummy;
+};
+
+
+#endif /* cmac_alt.h */
diff --git a/tests/include/alt-dummy/des_alt.h b/tests/include/alt-dummy/des_alt.h
new file mode 100644
index 0000000..e5a0bd3
--- /dev/null
+++ b/tests/include/alt-dummy/des_alt.h
@@ -0,0 +1,36 @@
+/* des_alt.h with dummy types for MBEDTLS_DES_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifndef DES_ALT_H
+#define DES_ALT_H
+
+typedef struct mbedtls_des_context
+{
+ int dummy;
+}
+mbedtls_des_context;
+
+typedef struct mbedtls_des3_context
+{
+ int dummy;
+}
+mbedtls_des3_context;
+
+
+#endif /* des_alt.h */
diff --git a/tests/include/alt-dummy/dhm_alt.h b/tests/include/alt-dummy/dhm_alt.h
new file mode 100644
index 0000000..6289a41
--- /dev/null
+++ b/tests/include/alt-dummy/dhm_alt.h
@@ -0,0 +1,29 @@
+/* dhm_alt.h with dummy types for MBEDTLS_DHM_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef DHM_ALT_H
+#define DHM_ALT_H
+
+typedef struct mbedtls_dhm_context
+{
+ int dummy;
+}
+mbedtls_dhm_context;
+
+
+#endif /* dhm_alt.h */
diff --git a/tests/include/alt-dummy/ecjpake_alt.h b/tests/include/alt-dummy/ecjpake_alt.h
new file mode 100644
index 0000000..8de0fcf
--- /dev/null
+++ b/tests/include/alt-dummy/ecjpake_alt.h
@@ -0,0 +1,28 @@
+/* ecjpake_alt.h with dummy types for MBEDTLS_ECJPAKE_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ECJPAKE_ALT_H
+#define ECJPAKE_ALT_H
+
+typedef struct mbedtls_ecjpake_context
+{
+ int dummy;
+} mbedtls_ecjpake_context;
+
+
+#endif /* ecjpake_alt.h */
diff --git a/tests/include/alt-dummy/ecp_alt.h b/tests/include/alt-dummy/ecp_alt.h
new file mode 100644
index 0000000..d263871
--- /dev/null
+++ b/tests/include/alt-dummy/ecp_alt.h
@@ -0,0 +1,35 @@
+/* ecp_alt.h with dummy types for MBEDTLS_ECP_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ECP_ALT_H
+#define ECP_ALT_H
+
+typedef struct mbedtls_ecp_group
+{
+ const mbedtls_ecp_group_id id;
+ const mbedtls_mpi P;
+ const mbedtls_mpi A;
+ const mbedtls_mpi B;
+ const mbedtls_ecp_point G;
+ const mbedtls_mpi N;
+ const size_t pbits;
+ const size_t nbits;
+}
+mbedtls_ecp_group;
+
+#endif /* ecp_alt.h */
diff --git a/tests/include/alt-dummy/gcm_alt.h b/tests/include/alt-dummy/gcm_alt.h
new file mode 100644
index 0000000..94986ff
--- /dev/null
+++ b/tests/include/alt-dummy/gcm_alt.h
@@ -0,0 +1,29 @@
+/* gcm_alt.h with dummy types for MBEDTLS_GCM_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef GCM_ALT_H
+#define GCM_ALT_H
+
+typedef struct mbedtls_gcm_context
+{
+ int dummy;
+}
+mbedtls_gcm_context;
+
+
+#endif /* gcm_alt.h */
diff --git a/tests/include/alt-dummy/md2_alt.h b/tests/include/alt-dummy/md2_alt.h
new file mode 100644
index 0000000..70c7f15
--- /dev/null
+++ b/tests/include/alt-dummy/md2_alt.h
@@ -0,0 +1,30 @@
+/* md2_alt.h with dummy types for MBEDTLS_MD2_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifndef MD2_ALT_H
+#define MD2_ALT_H
+
+typedef struct mbedtls_md2_context
+{
+ int dummy;
+}
+mbedtls_md2_context;
+
+
+#endif /* md2_alt.h */
diff --git a/tests/include/alt-dummy/md4_alt.h b/tests/include/alt-dummy/md4_alt.h
new file mode 100644
index 0000000..db13f3d
--- /dev/null
+++ b/tests/include/alt-dummy/md4_alt.h
@@ -0,0 +1,30 @@
+/* md4_alt.h with dummy types for MBEDTLS_MD4_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifndef MD4_ALT_H
+#define MD4_ALT_H
+
+typedef struct mbedtls_md4_context
+{
+ int dummy;
+}
+mbedtls_md4_context;
+
+
+#endif /* md4_alt.h */
diff --git a/tests/include/alt-dummy/md5_alt.h b/tests/include/alt-dummy/md5_alt.h
new file mode 100644
index 0000000..c119147
--- /dev/null
+++ b/tests/include/alt-dummy/md5_alt.h
@@ -0,0 +1,29 @@
+/* md5_alt.h with dummy types for MBEDTLS_MD5_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MD5_ALT_H
+#define MD5_ALT_H
+
+typedef struct mbedtls_md5_context
+{
+ int dummy;
+}
+mbedtls_md5_context;
+
+
+#endif /* md5_alt.h */
diff --git a/tests/include/alt-dummy/nist_kw_alt.h b/tests/include/alt-dummy/nist_kw_alt.h
new file mode 100644
index 0000000..8fec116
--- /dev/null
+++ b/tests/include/alt-dummy/nist_kw_alt.h
@@ -0,0 +1,27 @@
+/* nist_kw_alt.h with dummy types for MBEDTLS_NIST_KW_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef NIST_KW_ALT_H
+#define NIST_KW_ALT_H
+
+typedef struct {
+ int dummy;
+} mbedtls_nist_kw_context;
+
+
+#endif /* nist_kw_alt.h */
diff --git a/tests/include/alt-dummy/platform_alt.h b/tests/include/alt-dummy/platform_alt.h
new file mode 100644
index 0000000..2bf712d
--- /dev/null
+++ b/tests/include/alt-dummy/platform_alt.h
@@ -0,0 +1,29 @@
+/* platform_alt.h with dummy types for MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PLATFORM_ALT_H
+#define PLATFORM_ALT_H
+
+typedef struct mbedtls_platform_context
+{
+ int dummy;
+}
+mbedtls_platform_context;
+
+
+#endif /* platform_alt.h */
diff --git a/tests/include/alt-dummy/poly1305_alt.h b/tests/include/alt-dummy/poly1305_alt.h
new file mode 100644
index 0000000..b8c1210
--- /dev/null
+++ b/tests/include/alt-dummy/poly1305_alt.h
@@ -0,0 +1,29 @@
+/* poly1305_alt.h with dummy types for MBEDTLS_POLY1305_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef POLY1305_ALT_H
+#define POLY1305_ALT_H
+
+typedef struct mbedtls_poly1305_context
+{
+ int dummy;
+}
+mbedtls_poly1305_context;
+
+
+#endif /* poly1305_alt.h */
diff --git a/tests/include/alt-dummy/ripemd160_alt.h b/tests/include/alt-dummy/ripemd160_alt.h
new file mode 100644
index 0000000..722aeeb
--- /dev/null
+++ b/tests/include/alt-dummy/ripemd160_alt.h
@@ -0,0 +1,29 @@
+/* ripemd160_alt.h with dummy types for MBEDTLS_RIPEMD160_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef RIPEMD160_ALT_H
+#define RIPEMD160_ALT_H
+
+typedef struct mbedtls_ripemd160_context
+{
+ int dummy;
+}
+mbedtls_ripemd160_context;
+
+
+#endif /* ripemd160_alt.h */
diff --git a/tests/include/alt-dummy/rsa_alt.h b/tests/include/alt-dummy/rsa_alt.h
new file mode 100644
index 0000000..ae80dba
--- /dev/null
+++ b/tests/include/alt-dummy/rsa_alt.h
@@ -0,0 +1,29 @@
+/* rsa_alt.h with dummy types for MBEDTLS_RSA_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef RSA_ALT_H
+#define RSA_ALT_H
+
+typedef struct mbedtls_rsa_context
+{
+ int dummy;
+}
+mbedtls_rsa_context;
+
+
+#endif /* rsa_alt.h */
diff --git a/tests/include/alt-dummy/sha1_alt.h b/tests/include/alt-dummy/sha1_alt.h
new file mode 100644
index 0000000..df2990b
--- /dev/null
+++ b/tests/include/alt-dummy/sha1_alt.h
@@ -0,0 +1,29 @@
+/* sha1_alt.h with dummy types for MBEDTLS_SHA1_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SHA1_ALT_H
+#define SHA1_ALT_H
+
+typedef struct mbedtls_sha1_context
+{
+ int dummy;
+}
+mbedtls_sha1_context;
+
+
+#endif /* sha1_alt.h */
diff --git a/tests/include/alt-dummy/sha256_alt.h b/tests/include/alt-dummy/sha256_alt.h
new file mode 100644
index 0000000..7e501ed
--- /dev/null
+++ b/tests/include/alt-dummy/sha256_alt.h
@@ -0,0 +1,29 @@
+/* sha256_alt.h with dummy types for MBEDTLS_SHA256_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SHA256_ALT_H
+#define SHA256_ALT_H
+
+typedef struct mbedtls_sha256_context
+{
+ int dummy;
+}
+mbedtls_sha256_context;
+
+
+#endif /* sha256_alt.h */
diff --git a/tests/include/alt-dummy/sha512_alt.h b/tests/include/alt-dummy/sha512_alt.h
new file mode 100644
index 0000000..45c9599
--- /dev/null
+++ b/tests/include/alt-dummy/sha512_alt.h
@@ -0,0 +1,29 @@
+/* sha512_alt.h with dummy types for MBEDTLS_SHA512_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SHA512_ALT_H
+#define SHA512_ALT_H
+
+typedef struct mbedtls_sha512_context
+{
+ int dummy;
+}
+mbedtls_sha512_context;
+
+
+#endif /* sha512_alt.h */
diff --git a/tests/include/alt-dummy/threading_alt.h b/tests/include/alt-dummy/threading_alt.h
new file mode 100644
index 0000000..ff2fed5
--- /dev/null
+++ b/tests/include/alt-dummy/threading_alt.h
@@ -0,0 +1,27 @@
+/* threading_alt.h with dummy types for MBEDTLS_THREADING_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef THREADING_ALT_H
+#define THREADING_ALT_H
+
+typedef struct mbedtls_threading_mutex_t
+{
+ int dummy;
+} mbedtls_threading_mutex_t;
+
+#endif /* threading_alt.h */
diff --git a/tests/include/alt-dummy/timing_alt.h b/tests/include/alt-dummy/timing_alt.h
new file mode 100644
index 0000000..f2da154
--- /dev/null
+++ b/tests/include/alt-dummy/timing_alt.h
@@ -0,0 +1,33 @@
+/* timing_alt.h with dummy types for MBEDTLS_TIMING_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TIMING_ALT_H
+#define TIMING_ALT_H
+
+struct mbedtls_timing_hr_time
+{
+ int dummy;
+};
+
+typedef struct mbedtls_timing_delay_context
+{
+ int dummy;
+} mbedtls_timing_delay_context;
+
+
+#endif /* timing_alt.h */
diff --git a/tests/include/alt-dummy/xtea_alt.h b/tests/include/alt-dummy/xtea_alt.h
new file mode 100644
index 0000000..cb21a3a
--- /dev/null
+++ b/tests/include/alt-dummy/xtea_alt.h
@@ -0,0 +1,29 @@
+/* xtea_alt.h with dummy types for MBEDTLS_XTEA_ALT */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef XTEA_ALT_H
+#define XTEA_ALT_H
+
+typedef struct mbedtls_xtea_context
+{
+ int dummy;
+}
+mbedtls_xtea_context;
+
+
+#endif /* xtea_alt.h */
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
index 9bfe085..ab9a0c3 100644
--- a/tests/include/test/helpers.h
+++ b/tests/include/test/helpers.h
@@ -25,6 +25,11 @@
#ifndef TEST_HELPERS_H
#define TEST_HELPERS_H
+/* Most fields of publicly available structs are private and are wrapped with
+ * MBEDTLS_PRIVATE macro. This define allows tests to access the private fields
+ * directly (without using the MBEDTLS_PRIVATE wrapper). */
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
@@ -175,95 +180,6 @@
int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b,
uint32_t a_len, uint32_t b_len );
-#if defined(MBEDTLS_CHECK_PARAMS)
-
-typedef struct
-{
- const char *failure_condition;
- const char *file;
- int line;
-}
-mbedtls_test_param_failed_location_record_t;
-
-/**
- * \brief Get the location record of the last call to
- * mbedtls_test_param_failed().
- *
- * \note The call expectation is set up and active until the next call to
- * mbedtls_test_param_failed_check_expected_call() or
- * mbedtls_param_failed() that cancels it.
- */
-void mbedtls_test_param_failed_get_location_record(
- mbedtls_test_param_failed_location_record_t *location_record );
-
-/**
- * \brief State that a call to mbedtls_param_failed() is expected.
- *
- * \note The call expectation is set up and active until the next call to
- * mbedtls_test_param_failed_check_expected_call() or
- * mbedtls_param_failed that cancel it.
- */
-void mbedtls_test_param_failed_expect_call( void );
-
-/**
- * \brief Check whether mbedtls_param_failed() has been called as expected.
- *
- * \note Check whether mbedtls_param_failed() has been called between the
- * last call to mbedtls_test_param_failed_expect_call() and the call
- * to this function.
- *
- * \return \c 0 Since the last call to mbedtls_param_failed_expect_call(),
- * mbedtls_param_failed() has been called.
- * \c -1 Otherwise.
- */
-int mbedtls_test_param_failed_check_expected_call( void );
-
-/**
- * \brief Get the address of the object of type jmp_buf holding the execution
- * state information used by mbedtls_param_failed() to do a long jump.
- *
- * \note If a call to mbedtls_param_failed() is not expected in the sense
- * that there is no call to mbedtls_test_param_failed_expect_call()
- * preceding it, then mbedtls_param_failed() will try to restore the
- * execution to the state stored in the jmp_buf object whose address
- * is returned by the present function.
- *
- * \note This function is intended to provide the parameter of the
- * setjmp() function to set-up where mbedtls_param_failed() should
- * long-jump if it has to. It is foreseen to be used as:
- *
- * setjmp( mbedtls_test_param_failed_get_state_buf() ).
- *
- * \note The type of the returned value is not jmp_buf as jmp_buf is an
- * an array type (C specification) and a function cannot return an
- * array type.
- *
- * \note The type of the returned value is not jmp_buf* as then the return
- * value couldn't be used by setjmp(), as its parameter's type is
- * jmp_buf.
- *
- * \return Address of the object of type jmp_buf holding the execution state
- * information used by mbedtls_param_failed() to do a long jump.
- */
-void* mbedtls_test_param_failed_get_state_buf( void );
-
-/**
- * \brief Reset the execution state used by mbedtls_param_failed() to do a
- * long jump.
- *
- * \note If a call to mbedtls_param_failed() is not expected in the sense
- * that there is no call to mbedtls_test_param_failed_expect_call()
- * preceding it, then mbedtls_param_failed() will try to restore the
- * execution state that this function reset.
- *
- * \note It is recommended to reset the execution state when the state
- * is not relevant anymore. That way an unexpected call to
- * mbedtls_param_failed() will not trigger a long jump with
- * undefined behavior but rather a long jump that will rather fault.
- */
-void mbedtls_test_param_failed_reset_state( void );
-#endif /* MBEDTLS_CHECK_PARAMS */
-
#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
#include "test/fake_external_rng_for_test.h"
#endif
diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h
index 450bc2c..87e86d3 100644
--- a/tests/include/test/macros.h
+++ b/tests/include/test/macros.h
@@ -58,13 +58,6 @@
* It allows a library function to return a value and return an error
* code that can be tested.
*
- * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
- * callback, MBEDTLS_PARAM_FAILED(), will be assumed to be a test
- * failure.
- *
- * This macro is not suitable for negative parameter validation tests,
- * as it assumes the test step will not create an error.
- *
* Failing the test means:
* - Mark this test case as failed.
* - Print a message identifying the failure.
@@ -181,139 +174,6 @@
} \
} while( 0 )
-#if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT)
-/**
- * \brief This macro tests the statement passed to it as a test step or
- * individual test in a test case. The macro assumes the test will fail
- * and will generate an error.
- *
- * It allows a library function to return a value and tests the return
- * code on return to confirm the given error code was returned.
- *
- * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
- * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
- * expected failure, and the test will pass.
- *
- * This macro is intended for negative parameter validation tests,
- * where the failing function may return an error value or call
- * MBEDTLS_PARAM_FAILED() to indicate the error.
- *
- * \param PARAM_ERROR_VALUE The expected error code.
- *
- * \param TEST The test expression to be tested.
- */
-#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \
- do { \
- mbedtls_test_param_failed_expect_call( ); \
- if( ( ( TEST ) != ( PARAM_ERR_VALUE ) ) || \
- ( mbedtls_test_param_failed_check_expected_call( ) != 0 ) ) \
- { \
- mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \
- goto exit; \
- } \
- mbedtls_test_param_failed_check_expected_call( ); \
- } while( 0 )
-
-/**
- * \brief This macro tests the statement passed to it as a test step or
- * individual test in a test case. The macro assumes the test will fail
- * and will generate an error.
- *
- * It assumes the library function under test cannot return a value and
- * assumes errors can only be indicated byt calls to
- * MBEDTLS_PARAM_FAILED().
- *
- * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
- * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
- * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test
- * can be made.
- *
- * This macro is intended for negative parameter validation tests,
- * where the failing function can only return an error by calling
- * MBEDTLS_PARAM_FAILED() to indicate the error.
- *
- * \param TEST The test expression to be tested.
- */
-#define TEST_INVALID_PARAM( TEST ) \
- do { \
- memcpy( jmp_tmp, mbedtls_test_param_failed_get_state_buf( ), \
- sizeof( jmp_tmp ) ); \
- if( setjmp( mbedtls_test_param_failed_get_state_buf( ) ) == 0 ) \
- { \
- TEST; \
- mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \
- goto exit; \
- } \
- mbedtls_test_param_failed_reset_state( ); \
- } while( 0 )
-#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */
-
-/**
- * \brief This macro tests the statement passed to it as a test step or
- * individual test in a test case. The macro assumes the test will not fail.
- *
- * It assumes the library function under test cannot return a value and
- * assumes errors can only be indicated by calls to
- * MBEDTLS_PARAM_FAILED().
- *
- * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure
- * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the
- * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test
- * can be made.
- *
- * This macro is intended to test that functions returning void
- * accept all of the parameter values they're supposed to accept - eg
- * that they don't call MBEDTLS_PARAM_FAILED() when a parameter
- * that's allowed to be NULL happens to be NULL.
- *
- * Note: for functions that return something other that void,
- * checking that they accept all the parameters they're supposed to
- * accept is best done by using TEST_ASSERT() and checking the return
- * value as well.
- *
- * Note: this macro is available even when #MBEDTLS_CHECK_PARAMS is
- * disabled, as it makes sense to check that the functions accept all
- * legal values even if this option is disabled - only in that case,
- * the test is more about whether the function segfaults than about
- * whether it invokes MBEDTLS_PARAM_FAILED().
- *
- * \param TEST The test expression to be tested.
- */
-#define TEST_VALID_PARAM( TEST ) \
- TEST_ASSERT( ( TEST, 1 ) );
-
-/** Allocate memory dynamically and fail the test case if this fails.
- *
- * You must set \p pointer to \c NULL before calling this macro and
- * put `mbedtls_free( pointer )` in the test's cleanup code.
- *
- * If \p length is zero, the resulting \p pointer will be \c NULL.
- * This is usually what we want in tests since API functions are
- * supposed to accept null pointers when a buffer size is zero.
- *
- * This macro expands to an instruction, not an expression.
- * It may jump to the \c exit label.
- *
- * \param pointer An lvalue where the address of the allocated buffer
- * will be stored.
- * This expression may be evaluated multiple times.
- * \param length Number of elements to allocate.
- * This expression may be evaluated multiple times.
- *
- */
-#define ASSERT_ALLOC( pointer, length ) \
- do \
- { \
- TEST_ASSERT( ( pointer ) == NULL ); \
- if( ( length ) != 0 ) \
- { \
- ( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \
- ( length ) ); \
- TEST_ASSERT( ( pointer ) != NULL ); \
- } \
- } \
- while( 0 )
-
#define TEST_HELPER_ASSERT(a) if( !( a ) ) \
{ \
mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \
diff --git a/tests/include/test/random.h b/tests/include/test/random.h
index 5e7e4e6..6428280 100644
--- a/tests/include/test/random.h
+++ b/tests/include/test/random.h
@@ -36,8 +36,11 @@
typedef struct
{
- unsigned char *buf;
+ unsigned char *buf; /* Pointer to a buffer of length bytes. */
size_t length;
+ /* If fallback_f_rng is NULL, fail after delivering length bytes. */
+ int ( *fallback_f_rng )( void*, unsigned char *, size_t );
+ void *fallback_p_rng;
} mbedtls_test_rnd_buf_info;
/**
@@ -67,24 +70,25 @@
size_t len );
/**
- * This function only returns zeros
+ * This function only returns zeros.
*
- * rng_state shall be NULL.
+ * \p rng_state shall be \c NULL.
*/
int mbedtls_test_rnd_zero_rand( void *rng_state,
unsigned char *output,
size_t len );
/**
- * This function returns random based on a buffer it receives.
+ * This function returns random data based on a buffer it receives.
*
- * rng_state shall be a pointer to a rnd_buf_info structure.
+ * \p rng_state shall be a pointer to a #mbedtls_test_rnd_buf_info structure.
*
* The number of bytes released from the buffer on each call to
- * the random function is specified by per_call. (Can be between
- * 1 and 4)
+ * the random function is specified by \p len.
*
- * After the buffer is empty it will return rand();
+ * After the buffer is empty, this function will call the fallback RNG in the
+ * #mbedtls_test_rnd_buf_info structure if there is one, and
+ * will return #MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise.
*/
int mbedtls_test_rnd_buffer_rand( void *rng_state,
unsigned char *output,
@@ -96,7 +100,7 @@
* Pseudo random is based on the XTEA encryption algorithm to
* generate pseudorandom.
*
- * rng_state shall be a pointer to a rnd_pseudo_info structure.
+ * \p rng_state shall be a pointer to a #mbedtls_test_rnd_pseudo_info structure.
*/
int mbedtls_test_rnd_pseudo_rand( void *rng_state,
unsigned char *output,
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index ef2b636..1423099 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -828,6 +828,15 @@
make test
}
+component_test_psa_crypto_rsa_no_genprime() {
+ msg "build: default config minus MBEDTLS_GENPRIME"
+ scripts/config.py unset MBEDTLS_GENPRIME
+ make
+
+ msg "test: default config minus MBEDTLS_GENPRIME"
+ make test
+}
+
component_test_ref_configs () {
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
@@ -1076,26 +1085,8 @@
# no SSL tests as they all depend on having a DRBG
}
-component_test_new_ecdh_context () {
- msg "build: new ECDH context (ASan build)" # ~ 6 min
- scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- msg "test: new ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
- make test
-
- msg "test: new ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
- if_build_succeeded tests/ssl-opt.sh -f ECDH
-
- msg "test: new ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
- # Exclude some symmetric ciphers that are redundant here to gain time.
- if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4'
-}
-
component_test_everest () {
msg "build: Everest ECDH context (ASan build)" # ~ 6 min
- scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@@ -1113,7 +1104,6 @@
component_test_everest_curve25519_only () {
msg "build: Everest ECDH context, only Curve25519" # ~ 6 min
- scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
@@ -1374,6 +1364,38 @@
make TEST_CPP=1
}
+component_build_module_alt () {
+ msg "build: MBEDTLS_XXX_ALT" # ~30s
+ scripts/config.py full
+ # Disable options that are incompatible with some ALT implementations.
+ # aesni.c and padlock.c reference mbedtls_aes_context fields directly.
+ scripts/config.py unset MBEDTLS_AESNI_C
+ scripts/config.py unset MBEDTLS_PADLOCK_C
+ # You can only have one threading implementation: alt or pthread, not both.
+ scripts/config.py unset MBEDTLS_THREADING_PTHREAD
+ # The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields
+ # directly and assumes the implementation works with partial groups.
+ scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
+ # Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable
+ # MBEDTLS_XXX_YYY_ALT which are for single functions.
+ scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT'
+ scripts/config.py unset MBEDTLS_DHM_ALT #incompatible with MBEDTLS_DEBUG_C
+ # We can only compile, not link, since we don't have any implementations
+ # suitable for testing with the dummy alt headers.
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
+}
+
+component_build_dhm_alt () {
+ msg "build: MBEDTLS_DHM_ALT" # ~30s
+ scripts/config.py full
+ scripts/config.py set MBEDTLS_DHM_ALT
+ # debug.c currently references mbedtls_dhm_context fields directly.
+ scripts/config.py unset MBEDTLS_DEBUG_C
+ # We can only compile, not link, since we don't have any implementations
+ # suitable for testing with the dummy alt headers.
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
+}
+
component_test_no_use_psa_crypto_full_cmake_asan() {
# full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan"
@@ -1844,38 +1866,6 @@
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
}
-component_test_check_params_functionality () {
- msg "build+test: MBEDTLS_CHECK_PARAMS functionality"
- scripts/config.py full # includes CHECK_PARAMS
- # Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed().
- scripts/config.py unset MBEDTLS_CHECK_PARAMS_ASSERT
- make CC=gcc CFLAGS='-Werror -O1' all test
-}
-
-component_test_check_params_without_platform () {
- msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C"
- scripts/config.py full # includes CHECK_PARAMS
- # Keep MBEDTLS_PARAM_FAILED as assert.
- scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
- scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT
- scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
- scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
- scripts/config.py unset MBEDTLS_PLATFORM_C
- make CC=gcc CFLAGS='-Werror -O1' all test
-}
-
-component_test_check_params_silent () {
- msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()"
- scripts/config.py full # includes CHECK_PARAMS
- # Set MBEDTLS_PARAM_FAILED to nothing.
- sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H"
- make CC=gcc CFLAGS='-Werror -O1' all test
-}
-
component_test_no_platform () {
# Full configuration build, without platform support, file IO and net sockets.
# This should catch missing mbedtls_printf definitions, and by disabling file
@@ -2317,7 +2307,6 @@
component_test_m32_everest () {
msg "build: i386, Everest ECDH context (ASan build)" # ~ 6 min
- scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS"
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index b480837..a2c285f 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -44,23 +44,28 @@
UPDATE='y'
fi
+# check SCRIPT FILENAME[...]
+# check SCRIPT DIRECTORY
+# Run SCRIPT and check that it does not modify any of the specified files.
+# In the first form, there can be any number of FILENAMEs, which must be
+# regular files.
+# In the second form, there must be a single DIRECTORY, standing for the
+# list of files in the directory. Running SCRIPT must not modify any file
+# in the directory and must not add or remove files either.
+# If $UPDATE is empty, abort with an error status if a file is modified.
check()
{
SCRIPT=$1
- TO_CHECK=$2
- PATTERN=""
- FILES=""
+ shift
- if [ -d $TO_CHECK ]; then
- rm -f "$TO_CHECK"/*.bak
- for FILE in $TO_CHECK/*; do
- FILES="$FILE $FILES"
- done
- else
- FILES=$TO_CHECK
+ directory=
+ if [ -d "$1" ]; then
+ directory="$1"
+ rm -f "$directory"/*.bak
+ set -- "$1"/*
fi
- for FILE in $FILES; do
+ for FILE in "$@"; do
if [ -e "$FILE" ]; then
cp "$FILE" "$FILE.bak"
else
@@ -68,37 +73,32 @@
fi
done
- $SCRIPT
+ "$SCRIPT"
# Compare the script output to the old files and remove backups
- for FILE in $FILES; do
- if ! diff $FILE $FILE.bak >/dev/null 2>&1; then
+ for FILE in "$@"; do
+ if ! diff "$FILE" "$FILE.bak" >/dev/null 2>&1; then
echo "'$FILE' was either modified or deleted by '$SCRIPT'"
if [ -z "$UPDATE" ]; then
exit 1
fi
fi
if [ -z "$UPDATE" ]; then
- mv $FILE.bak $FILE
+ mv "$FILE.bak" "$FILE"
else
rm -f "$FILE.bak"
fi
-
- if [ -d $TO_CHECK ]; then
- # Create a grep regular expression that we can check against the
- # directory contents to test whether new files have been created
- if [ -z $PATTERN ]; then
- PATTERN="$(basename $FILE)"
- else
- PATTERN="$PATTERN\|$(basename $FILE)"
- fi
- fi
done
- if [ -d $TO_CHECK ]; then
+ if [ -n "$directory" ]; then
+ old_list="$*"
+ set -- "$directory"/*
+ new_list="$*"
# Check if there are any new files
- if ls -1 $TO_CHECK | grep -v "$PATTERN" >/dev/null 2>&1; then
- echo "Files were created by '$SCRIPT'"
+ if [ "$old_list" != "$new_list" ]; then
+ echo "Files were deleted or created by '$SCRIPT'"
+ echo "Before: $old_list"
+ echo "After: $new_list"
if [ -z "$UPDATE" ]; then
exit 1
fi
diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh
index 9492896..2a06adc 100755
--- a/tests/scripts/check-names.sh
+++ b/tests/scripts/check-names.sh
@@ -90,7 +90,7 @@
printf "Likely typos: "
sort -u actual-macros enum-consts > _caps
-HEADERS=$( ls include/mbedtls/*.h include/psa/*.h )
+HEADERS=$( ls include/mbedtls/*.h include/psa/*.h | egrep -v 'compat-2\.x\.h' )
HEADERS="$HEADERS library/*.h"
HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h"
LIBRARY="$( ls library/*.c )"
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index 30f82db..8c53414 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -60,6 +60,14 @@
"""
return [finish_family_dependency(dep, bits) for dep in dependencies]
+SYMBOLS_WITHOUT_DEPENDENCY = frozenset([
+ 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', # modifier, only in policies
+ 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # modifier
+ 'PSA_ALG_ANY_HASH', # only in policies
+ 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', # modifier, only in policies
+ 'PSA_ALG_KEY_AGREEMENT', # chaining
+ 'PSA_ALG_TRUNCATED_MAC', # modifier
+])
def automatic_dependencies(*expressions: str) -> List[str]:
"""Infer dependencies of a test case by looking for PSA_xxx symbols.
@@ -70,6 +78,7 @@
used = set()
for expr in expressions:
used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr))
+ used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY)
return sorted(psa_want_symbol(name) for name in used)
# A temporary hack: at the time of writing, not all dependency symbols
@@ -100,24 +109,27 @@
@staticmethod
def remove_unwanted_macros(
- constructors: macro_collector.PSAMacroCollector
+ constructors: macro_collector.PSAMacroEnumerator
) -> None:
- # Mbed TLS doesn't support DSA. Don't attempt to generate any related
- # test case.
+ # Mbed TLS doesn't support finite-field DH yet and will not support
+ # finite-field DSA. Don't attempt to generate any related test case.
+ constructors.key_types.discard('PSA_KEY_TYPE_DH_KEY_PAIR')
+ constructors.key_types.discard('PSA_KEY_TYPE_DH_PUBLIC_KEY')
constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR')
constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY')
- constructors.algorithms_from_hash.pop('PSA_ALG_DSA', None)
- constructors.algorithms_from_hash.pop('PSA_ALG_DETERMINISTIC_DSA', None)
- def read_psa_interface(self) -> macro_collector.PSAMacroCollector:
+ def read_psa_interface(self) -> macro_collector.PSAMacroEnumerator:
"""Return the list of known key types, algorithms, etc."""
- constructors = macro_collector.PSAMacroCollector()
+ constructors = macro_collector.InputsForTest()
header_file_names = ['include/psa/crypto_values.h',
'include/psa/crypto_extra.h']
+ test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data']
for header_file_name in header_file_names:
- with open(header_file_name, 'rb') as header_file:
- constructors.read_file(header_file)
+ constructors.parse_header(header_file_name)
+ for test_cases in test_suites:
+ constructors.parse_test_cases(test_cases)
self.remove_unwanted_macros(constructors)
+ constructors.gather_arguments()
return constructors
@@ -199,14 +211,18 @@
)
# To be added: derive
+ ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
+ 'PSA_KEY_TYPE_ECC_PUBLIC_KEY')
+
def test_cases_for_not_supported(self) -> Iterator[test_case.TestCase]:
"""Generate test cases that exercise the creation of keys of unsupported types."""
for key_type in sorted(self.constructors.key_types):
+ if key_type in self.ECC_KEY_TYPES:
+ continue
kt = crypto_knowledge.KeyType(key_type)
yield from self.test_cases_for_key_type_not_supported(kt)
for curve_family in sorted(self.constructors.ecc_curves):
- for constr in ('PSA_KEY_TYPE_ECC_KEY_PAIR',
- 'PSA_KEY_TYPE_ECC_PUBLIC_KEY'):
+ for constr in self.ECC_KEY_TYPES:
kt = crypto_knowledge.KeyType(constr, [curve_family])
yield from self.test_cases_for_key_type_not_supported(
kt, param_descr='type')
@@ -260,13 +276,17 @@
if self.forward:
extra_arguments = []
else:
+ flags = []
# Some test keys have the RAW_DATA type and attributes that don't
# necessarily make sense. We do this to validate numerical
# encodings of the attributes.
# Raw data keys have no useful exercise anyway so there is no
# loss of test coverage.
- exercise = key.type.string != 'PSA_KEY_TYPE_RAW_DATA'
- extra_arguments = ['1' if exercise else '0']
+ if key.type.string != 'PSA_KEY_TYPE_RAW_DATA':
+ flags.append('TEST_FLAG_EXERCISE')
+ if 'READ_ONLY' in key.lifetime.string:
+ flags.append('TEST_FLAG_READ_ONLY')
+ extra_arguments = [' | '.join(flags) if flags else '0']
tc.set_arguments([key.lifetime.string,
key.type.string, str(key.bits),
key.usage.string, key.alg.string, key.alg2.string,
@@ -335,23 +355,17 @@
def all_keys_for_types(self) -> Iterator[StorageKey]:
"""Generate test keys covering key types and their representations."""
- for key_type in sorted(self.constructors.key_types):
+ key_types = sorted(self.constructors.key_types)
+ for key_type in self.constructors.generate_expressions(key_types):
yield from self.keys_for_type(key_type)
- for key_type in sorted(self.constructors.key_types_from_curve):
- for curve in sorted(self.constructors.ecc_curves):
- yield from self.keys_for_type(key_type, [curve])
- ## Diffie-Hellman (FFDH) is not supported yet, either in
- ## crypto_knowledge.py or in Mbed TLS.
- # for key_type in sorted(self.constructors.key_types_from_group):
- # for group in sorted(self.constructors.dh_groups):
- # yield from self.keys_for_type(key_type, [group])
def keys_for_algorithm(self, alg: str) -> Iterator[StorageKey]:
"""Generate test keys for the specified algorithm."""
# For now, we don't have information on the compatibility of key
# types and algorithms. So we just test the encoding of algorithms,
# and not that operations can be performed with them.
- descr = alg
+ descr = re.sub(r'PSA_ALG_', r'', alg)
+ descr = re.sub(r',', r', ', re.sub(r' +', r'', descr))
usage = 'PSA_KEY_USAGE_EXPORT'
key1 = StorageKey(version=self.version,
id=1, lifetime=0x00000001,
@@ -370,17 +384,21 @@
def all_keys_for_algorithms(self) -> Iterator[StorageKey]:
"""Generate test keys covering algorithm encodings."""
- for alg in sorted(self.constructors.algorithms):
+ algorithms = sorted(self.constructors.algorithms)
+ for alg in self.constructors.generate_expressions(algorithms):
yield from self.keys_for_algorithm(alg)
- # To do: algorithm constructors with parameters
def all_test_cases(self) -> Iterator[test_case.TestCase]:
"""Generate all storage format test cases."""
- for key in self.all_keys_for_usage_flags():
- yield self.make_test_case(key)
- for key in self.all_keys_for_types():
- yield self.make_test_case(key)
- for key in self.all_keys_for_algorithms():
+ # First build a list of all keys, then construct all the corresponding
+ # test cases. This allows all required information to be obtained in
+ # one go, which is a significant performance gain as the information
+ # includes numerical values obtained by compiling a C program.
+ keys = [] #type: List[StorageKey]
+ keys += self.all_keys_for_usage_flags()
+ keys += self.all_keys_for_types()
+ keys += self.all_keys_for_algorithms()
+ for key in keys:
yield self.make_test_case(key)
# To do: vary id, lifetime
diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl
index 225612f..6d93693 100755
--- a/tests/scripts/list-enum-consts.pl
+++ b/tests/scripts/list-enum-consts.pl
@@ -23,8 +23,7 @@
-d 'include/mbedtls' or die "$0: must be run from root\n";
-@ARGV = <include/mbedtls/*.h>;
-push @ARGV, <library/*.h>;
+@ARGV = grep { ! /compat-2\.x\.h/ } <include/mbedtls/*.h>;
push @ARGV, "3rdparty/everest/include/everest/everest.h";
push @ARGV, "3rdparty/everest/include/everest/x25519.h";
push @ARGV, glob("library/*.h");
diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh
index b8a6d53..9698fc8 100755
--- a/tests/scripts/list-identifiers.sh
+++ b/tests/scripts/list-identifiers.sh
@@ -47,9 +47,9 @@
if [ $INTERNAL ]
then
- HEADERS=$( ls library/*.h )
+ HEADERS=$( ls include/mbedtls/*_internal.h library/*.h | egrep -v 'compat-2\.x\.h' )
else
- HEADERS=$( ls include/mbedtls/*.h include/psa/*.h library/*.h )
+ HEADERS=$( ls include/mbedtls/*.h include/psa/*.h library/*.h | egrep -v 'compat-2\.x\.h' )
HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h"
fi
diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh
index fd19c47..2e62359 100755
--- a/tests/scripts/list-macros.sh
+++ b/tests/scripts/list-macros.sh
@@ -22,7 +22,7 @@
exit 1
fi
-HEADERS=$( ls include/mbedtls/*.h include/psa/*.h tests/include/test/drivers/*.h )
+HEADERS=$( ls include/mbedtls/*.h include/psa/*.h tests/include/test/drivers/*.h | egrep -v 'compat-2\.x\.h' )
HEADERS="$HEADERS library/*.h"
HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h"
diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py
index b3fdb8d..07c8ab2 100755
--- a/tests/scripts/test_psa_constant_names.py
+++ b/tests/scripts/test_psa_constant_names.py
@@ -28,231 +28,30 @@
import re
import subprocess
import sys
+from typing import Iterable, List, Optional, Tuple
import scripts_path # pylint: disable=unused-import
from mbedtls_dev import c_build_helper
-from mbedtls_dev import macro_collector
+from mbedtls_dev.macro_collector import InputsForTest, PSAMacroEnumerator
+from mbedtls_dev import typing_util
-class ReadFileLineException(Exception):
- def __init__(self, filename, line_number):
- message = 'in {} at {}'.format(filename, line_number)
- super(ReadFileLineException, self).__init__(message)
- self.filename = filename
- self.line_number = line_number
-
-class read_file_lines:
- # Dear Pylint, conventionally, a context manager class name is lowercase.
- # pylint: disable=invalid-name,too-few-public-methods
- """Context manager to read a text file line by line.
-
- ```
- with read_file_lines(filename) as lines:
- for line in lines:
- process(line)
- ```
- is equivalent to
- ```
- with open(filename, 'r') as input_file:
- for line in input_file:
- process(line)
- ```
- except that if process(line) raises an exception, then the read_file_lines
- snippet annotates the exception with the file name and line number.
- """
- def __init__(self, filename, binary=False):
- self.filename = filename
- self.line_number = 'entry'
- self.generator = None
- self.binary = binary
- def __enter__(self):
- self.generator = enumerate(open(self.filename,
- 'rb' if self.binary else 'r'))
- return self
- def __iter__(self):
- for line_number, content in self.generator:
- self.line_number = line_number
- yield content
- self.line_number = 'exit'
- def __exit__(self, exc_type, exc_value, exc_traceback):
- if exc_type is not None:
- raise ReadFileLineException(self.filename, self.line_number) \
- from exc_value
-
-class InputsForTest(macro_collector.PSAMacroEnumerator):
- # pylint: disable=too-many-instance-attributes
- """Accumulate information about macros to test.
-
- This includes macro names as well as information about their arguments
- when applicable.
- """
-
- def __init__(self):
- super().__init__()
- self.all_declared = set()
- # Sets of names per type
- self.statuses.add('PSA_SUCCESS')
- self.algorithms.add('0xffffffff')
- self.ecc_curves.add('0xff')
- self.dh_groups.add('0xff')
- self.key_types.add('0xffff')
- self.key_usage_flags.add('0x80000000')
-
- # Hard-coded values for unknown algorithms
- #
- # These have to have values that are correct for their respective
- # PSA_ALG_IS_xxx macros, but are also not currently assigned and are
- # not likely to be assigned in the near future.
- self.hash_algorithms.add('0x020000fe') # 0x020000ff is PSA_ALG_ANY_HASH
- self.mac_algorithms.add('0x03007fff')
- self.ka_algorithms.add('0x09fc0000')
- self.kdf_algorithms.add('0x080000ff')
- # For AEAD algorithms, the only variability is over the tag length,
- # and this only applies to known algorithms, so don't test an
- # unknown algorithm.
-
- # Identifier prefixes
- self.table_by_prefix = {
- 'ERROR': self.statuses,
- 'ALG': self.algorithms,
- 'ECC_CURVE': self.ecc_curves,
- 'DH_GROUP': self.dh_groups,
- 'KEY_TYPE': self.key_types,
- 'KEY_USAGE': self.key_usage_flags,
- }
- # Test functions
- self.table_by_test_function = {
- # Any function ending in _algorithm also gets added to
- # self.algorithms.
- 'key_type': [self.key_types],
- 'block_cipher_key_type': [self.key_types],
- 'stream_cipher_key_type': [self.key_types],
- 'ecc_key_family': [self.ecc_curves],
- 'ecc_key_types': [self.ecc_curves],
- 'dh_key_family': [self.dh_groups],
- 'dh_key_types': [self.dh_groups],
- 'hash_algorithm': [self.hash_algorithms],
- 'mac_algorithm': [self.mac_algorithms],
- 'cipher_algorithm': [],
- 'hmac_algorithm': [self.mac_algorithms],
- 'aead_algorithm': [self.aead_algorithms],
- 'key_derivation_algorithm': [self.kdf_algorithms],
- 'key_agreement_algorithm': [self.ka_algorithms],
- 'asymmetric_signature_algorithm': [],
- 'asymmetric_signature_wildcard': [self.algorithms],
- 'asymmetric_encryption_algorithm': [],
- 'other_algorithm': [],
- }
- self.arguments_for['mac_length'] += ['1', '63']
- self.arguments_for['min_mac_length'] += ['1', '63']
- self.arguments_for['tag_length'] += ['1', '63']
- self.arguments_for['min_tag_length'] += ['1', '63']
-
- def get_names(self, type_word):
- """Return the set of known names of values of the given type."""
- return {
- 'status': self.statuses,
- 'algorithm': self.algorithms,
- 'ecc_curve': self.ecc_curves,
- 'dh_group': self.dh_groups,
- 'key_type': self.key_types,
- 'key_usage': self.key_usage_flags,
- }[type_word]
-
- # Regex for interesting header lines.
- # Groups: 1=macro name, 2=type, 3=argument list (optional).
- _header_line_re = \
- re.compile(r'#define +' +
- r'(PSA_((?:(?:DH|ECC|KEY)_)?[A-Z]+)_\w+)' +
- r'(?:\(([^\n()]*)\))?')
- # Regex of macro names to exclude.
- _excluded_name_re = re.compile(r'_(?:GET|IS|OF)_|_(?:BASE|FLAG|MASK)\Z')
- # Additional excluded macros.
- _excluded_names = set([
- # Macros that provide an alternative way to build the same
- # algorithm as another macro.
- 'PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG',
- 'PSA_ALG_FULL_LENGTH_MAC',
- # Auxiliary macro whose name doesn't fit the usual patterns for
- # auxiliary macros.
- 'PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE',
- ])
- def parse_header_line(self, line):
- """Parse a C header line, looking for "#define PSA_xxx"."""
- m = re.match(self._header_line_re, line)
- if not m:
- return
- name = m.group(1)
- self.all_declared.add(name)
- if re.search(self._excluded_name_re, name) or \
- name in self._excluded_names:
- return
- dest = self.table_by_prefix.get(m.group(2))
- if dest is None:
- return
- dest.add(name)
- if m.group(3):
- self.argspecs[name] = self._argument_split(m.group(3))
-
- _nonascii_re = re.compile(rb'[^\x00-\x7f]+')
- def parse_header(self, filename):
- """Parse a C header file, looking for "#define PSA_xxx"."""
- with read_file_lines(filename, binary=True) as lines:
- for line in lines:
- line = re.sub(self._nonascii_re, rb'', line).decode('ascii')
- self.parse_header_line(line)
-
- _macro_identifier_re = re.compile(r'[A-Z]\w+')
- def generate_undeclared_names(self, expr):
- for name in re.findall(self._macro_identifier_re, expr):
- if name not in self.all_declared:
- yield name
-
- def accept_test_case_line(self, function, argument):
- #pylint: disable=unused-argument
- undeclared = list(self.generate_undeclared_names(argument))
- if undeclared:
- raise Exception('Undeclared names in test case', undeclared)
- return True
-
- def add_test_case_line(self, function, argument):
- """Parse a test case data line, looking for algorithm metadata tests."""
- sets = []
- if function.endswith('_algorithm'):
- sets.append(self.algorithms)
- if function == 'key_agreement_algorithm' and \
- argument.startswith('PSA_ALG_KEY_AGREEMENT('):
- # We only want *raw* key agreement algorithms as such, so
- # exclude ones that are already chained with a KDF.
- # Keep the expression as one to test as an algorithm.
- function = 'other_algorithm'
- sets += self.table_by_test_function[function]
- if self.accept_test_case_line(function, argument):
- for s in sets:
- s.add(argument)
-
- # Regex matching a *.data line containing a test function call and
- # its arguments. The actual definition is partly positional, but this
- # regex is good enough in practice.
- _test_case_line_re = re.compile(r'(?!depends_on:)(\w+):([^\n :][^:\n]*)')
- def parse_test_cases(self, filename):
- """Parse a test case file (*.data), looking for algorithm metadata tests."""
- with read_file_lines(filename) as lines:
- for line in lines:
- m = re.match(self._test_case_line_re, line)
- if m:
- self.add_test_case_line(m.group(1), m.group(2))
-
-def gather_inputs(headers, test_suites, inputs_class=InputsForTest):
+def gather_inputs(headers: Iterable[str],
+ test_suites: Iterable[str],
+ inputs_class=InputsForTest) -> PSAMacroEnumerator:
"""Read the list of inputs to test psa_constant_names with."""
inputs = inputs_class()
for header in headers:
inputs.parse_header(header)
for test_cases in test_suites:
inputs.parse_test_cases(test_cases)
+ inputs.add_numerical_values()
inputs.gather_arguments()
return inputs
-def run_c(type_word, expressions, include_path=None, keep_c=False):
+def run_c(type_word: str,
+ expressions: Iterable[str],
+ include_path: Optional[str] = None,
+ keep_c: bool = False) -> List[str]:
"""Generate and run a program to print out numerical values of C expressions."""
if type_word == 'status':
cast_to = 'long'
@@ -271,14 +70,17 @@
)
NORMALIZE_STRIP_RE = re.compile(r'\s+')
-def normalize(expr):
+def normalize(expr: str) -> str:
"""Normalize the C expression so as not to care about trivial differences.
Currently "trivial differences" means whitespace.
"""
return re.sub(NORMALIZE_STRIP_RE, '', expr)
-def collect_values(inputs, type_word, include_path=None, keep_c=False):
+def collect_values(inputs: InputsForTest,
+ type_word: str,
+ include_path: Optional[str] = None,
+ keep_c: bool = False) -> Tuple[List[str], List[str]]:
"""Generate expressions using known macro names and calculate their values.
Return a list of pairs of (expr, value) where expr is an expression and
@@ -296,12 +98,12 @@
Error = namedtuple('Error',
['type', 'expression', 'value', 'output'])
- def __init__(self, options):
+ def __init__(self, options) -> None:
self.options = options
self.count = 0
- self.errors = []
+ self.errors = [] #type: List[Tests.Error]
- def run_one(self, inputs, type_word):
+ def run_one(self, inputs: InputsForTest, type_word: str) -> None:
"""Test psa_constant_names for the specified type.
Run the program on the names for this type.
@@ -311,9 +113,10 @@
expressions, values = collect_values(inputs, type_word,
include_path=self.options.include,
keep_c=self.options.keep_c)
- output = subprocess.check_output([self.options.program, type_word] +
- values)
- outputs = output.decode('ascii').strip().split('\n')
+ output_bytes = subprocess.check_output([self.options.program,
+ type_word] + values)
+ output = output_bytes.decode('ascii')
+ outputs = output.strip().split('\n')
self.count += len(expressions)
for expr, value, output in zip(expressions, values, outputs):
if self.options.show:
@@ -324,13 +127,13 @@
value=value,
output=output))
- def run_all(self, inputs):
+ def run_all(self, inputs: InputsForTest) -> None:
"""Run psa_constant_names on all the gathered inputs."""
for type_word in ['status', 'algorithm', 'ecc_curve', 'dh_group',
'key_type', 'key_usage']:
self.run_one(inputs, type_word)
- def report(self, out):
+ def report(self, out: typing_util.Writable) -> None:
"""Describe each case where the output is not as expected.
Write the errors to ``out``.
@@ -365,7 +168,7 @@
help='Program to test')
parser.add_argument('--show',
action='store_true',
- help='Keep the intermediate C file')
+ help='Show tested values on stdout')
parser.add_argument('--no-show',
action='store_false', dest='show',
help='Don\'t show tested values (default)')
diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c
index f95aa6b..b1880f7 100644
--- a/tests/src/drivers/hash.c
+++ b/tests/src/drivers/hash.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_hash.h"
diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c
index 759fa78..da5865d 100644
--- a/tests/src/drivers/platform_builtin_keys.c
+++ b/tests/src/drivers/platform_builtin_keys.c
@@ -20,6 +20,8 @@
* limitations under the License.
*/
+#include <test/helpers.h>
+
#include <psa/crypto.h>
#include <psa/crypto_extra.h>
diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c
index 25396c9..ce9ce37 100644
--- a/tests/src/drivers/test_driver_aead.c
+++ b/tests/src/drivers/test_driver_aead.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_aead.h"
diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c
index a415dd8..9c95cc8 100644
--- a/tests/src/drivers/test_driver_cipher.c
+++ b/tests/src/drivers/test_driver_cipher.c
@@ -18,11 +18,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c
index 19e1033..afa1fc2 100644
--- a/tests/src/drivers/test_driver_key_management.c
+++ b/tests/src/drivers/test_driver_key_management.c
@@ -18,11 +18,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c
index 69af107..3b766dc 100644
--- a/tests/src/drivers/test_driver_mac.c
+++ b/tests/src/drivers/test_driver_mac.c
@@ -17,11 +17,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_mac.h"
diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c
index 14de831..2d58756 100644
--- a/tests/src/drivers/test_driver_signature.c
+++ b/tests/src/drivers/test_driver_signature.c
@@ -19,11 +19,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
diff --git a/tests/src/drivers/test_driver_size.c b/tests/src/drivers/test_driver_size.c
index d8bcaee..033cf32 100644
--- a/tests/src/drivers/test_driver_size.c
+++ b/tests/src/drivers/test_driver_size.c
@@ -18,11 +18,7 @@
* limitations under the License.
*/
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index b7c9867..cac6d4c 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -19,27 +19,9 @@
#include <test/macros.h>
#include <string.h>
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include <setjmp.h>
-#endif
-
/*----------------------------------------------------------------------------*/
/* Static global variables */
-#if defined(MBEDTLS_CHECK_PARAMS)
-typedef struct
-{
- uint8_t expected_call;
- uint8_t expected_call_happened;
-
- jmp_buf state;
-
- mbedtls_test_param_failed_location_record_t location_record;
-}
-param_failed_ctx_t;
-static param_failed_ctx_t param_failed_ctx;
-#endif
-
#if defined(MBEDTLS_PLATFORM_C)
static mbedtls_platform_context platform_ctx;
#endif
@@ -222,67 +204,6 @@
return ret;
}
-#if defined(MBEDTLS_CHECK_PARAMS)
-void mbedtls_test_param_failed_get_location_record(
- mbedtls_test_param_failed_location_record_t *location_record )
-{
- *location_record = param_failed_ctx.location_record;
-}
-
-void mbedtls_test_param_failed_expect_call( void )
-{
- param_failed_ctx.expected_call_happened = 0;
- param_failed_ctx.expected_call = 1;
-}
-
-int mbedtls_test_param_failed_check_expected_call( void )
-{
- param_failed_ctx.expected_call = 0;
-
- if( param_failed_ctx.expected_call_happened != 0 )
- return( 0 );
-
- return( -1 );
-}
-
-void* mbedtls_test_param_failed_get_state_buf( void )
-{
- return ¶m_failed_ctx.state;
-}
-
-void mbedtls_test_param_failed_reset_state( void )
-{
- memset( param_failed_ctx.state, 0, sizeof( param_failed_ctx.state ) );
-}
-
-void mbedtls_param_failed( const char *failure_condition,
- const char *file,
- int line )
-{
- /* Record the location of the failure */
- param_failed_ctx.location_record.failure_condition = failure_condition;
- param_failed_ctx.location_record.file = file;
- param_failed_ctx.location_record.line = line;
-
- /* If we are testing the callback function... */
- if( param_failed_ctx.expected_call != 0 )
- {
- param_failed_ctx.expected_call = 0;
- param_failed_ctx.expected_call_happened = 1;
- }
- else
- {
- /* ...else try a long jump. If the execution state has not been set-up
- * or reset then the long jump buffer is all zero's and the call will
- * with high probability fault, emphasizing there is something to look
- * at.
- */
-
- longjmp( param_failed_ctx.state, 1 );
- }
-}
-#endif /* MBEDTLS_CHECK_PARAMS */
-
#if defined(MBEDTLS_TEST_HOOKS)
void mbedtls_test_err_add_check( int high, int low,
const char *file, int line )
diff --git a/tests/src/random.c b/tests/src/random.c
index e01bd4d..7f3f401 100644
--- a/tests/src/random.c
+++ b/tests/src/random.c
@@ -35,6 +35,8 @@
#include <test/random.h>
#include <string.h>
+#include <mbedtls/entropy.h>
+
int mbedtls_test_rnd_std_rand( void *rng_state,
unsigned char *output,
size_t len )
@@ -91,8 +93,16 @@
}
if( len - use_len > 0 )
- return( mbedtls_test_rnd_std_rand( NULL, output + use_len,
- len - use_len ) );
+ {
+ if( info->fallback_f_rng != NULL )
+ {
+ return( info->fallback_f_rng( info->fallback_p_rng,
+ output + use_len,
+ len - use_len ) );
+ }
+ else
+ return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ }
return( 0 );
}
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 1d49dc5..d122111 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2872,10 +2872,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3" \
0 \
- -c "Maximum input fragment length is $MAX_CONTENT_LEN" \
- -c "Maximum output fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum input fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum output fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
+ -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
+ -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
+ -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -2886,10 +2886,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
0 \
- -c "Maximum input fragment length is $MAX_CONTENT_LEN" \
- -c "Maximum output fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum input fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum output fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
+ -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
+ -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
+ -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -2903,10 +2903,10 @@
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
1 \
- -c "Maximum input fragment length is $MAX_CONTENT_LEN" \
- -c "Maximum output fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum input fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum output fragment length is $MAX_CONTENT_LEN" \
+ -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
+ -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
+ -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
+ -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -2922,10 +2922,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
0 \
- -C "Maximum input fragment length is 16384" \
- -C "Maximum output fragment length is 16384" \
- -S "Maximum input fragment length is 16384" \
- -S "Maximum output fragment length is 16384" \
+ -C "Maximum incoming record payload length is 16384" \
+ -C "Maximum outgoing record payload length is 16384" \
+ -S "Maximum incoming record payload length is 16384" \
+ -S "Maximum outgoing record payload length is 16384" \
-c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
-s "$MAX_CONTENT_LEN bytes read" \
-s "1 bytes read"
@@ -2935,10 +2935,10 @@
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
1 \
- -C "Maximum input fragment length is 16384" \
- -C "Maximum output fragment length is 16384" \
- -S "Maximum input fragment length is 16384" \
- -S "Maximum output fragment length is 16384" \
+ -C "Maximum incoming record payload length is 16384" \
+ -C "Maximum outgoing record payload length is 16384" \
+ -S "Maximum incoming record payload length is 16384" \
+ -S "Maximum outgoing record payload length is 16384" \
-c "fragment larger than.*maximum "
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
@@ -2946,10 +2946,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
- -c "Maximum input fragment length is 4096" \
- -c "Maximum output fragment length is 4096" \
- -s "Maximum input fragment length is 4096" \
- -s "Maximum output fragment length is 4096" \
+ -c "Maximum incoming record payload length is 4096" \
+ -c "Maximum outgoing record payload length is 4096" \
+ -s "Maximum incoming record payload length is 4096" \
+ -s "Maximum outgoing record payload length is 4096" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -2960,10 +2960,10 @@
"$P_SRV debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=512" \
0 \
- -c "Maximum input fragment length is 512" \
- -c "Maximum output fragment length is 512" \
- -s "Maximum input fragment length is 512" \
- -s "Maximum output fragment length is 512" \
+ -c "Maximum incoming record payload length is 512" \
+ -c "Maximum outgoing record payload length is 512" \
+ -s "Maximum incoming record payload length is 512" \
+ -s "Maximum outgoing record payload length is 512" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -2974,10 +2974,10 @@
"$P_SRV debug_level=3 max_frag_len=2048" \
"$P_CLI debug_level=3 max_frag_len=512" \
0 \
- -c "Maximum input fragment length is 512" \
- -c "Maximum output fragment length is 512" \
- -s "Maximum input fragment length is 512" \
- -s "Maximum output fragment length is 512" \
+ -c "Maximum incoming record payload length is 512" \
+ -c "Maximum outgoing record payload length is 512" \
+ -s "Maximum incoming record payload length is 512" \
+ -s "Maximum outgoing record payload length is 512" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -2988,10 +2988,10 @@
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3 max_frag_len=512" \
0 \
- -c "Maximum input fragment length is 512" \
- -c "Maximum output fragment length is 512" \
- -s "Maximum input fragment length is 512" \
- -s "Maximum output fragment length is 512" \
+ -c "Maximum incoming record payload length is 512" \
+ -c "Maximum outgoing record payload length is 512" \
+ -s "Maximum incoming record payload length is 512" \
+ -s "Maximum outgoing record payload length is 512" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3002,10 +3002,10 @@
"$P_SRV debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=1024" \
0 \
- -c "Maximum input fragment length is 1024" \
- -c "Maximum output fragment length is 1024" \
- -s "Maximum input fragment length is 1024" \
- -s "Maximum output fragment length is 512" \
+ -c "Maximum incoming record payload length is 1024" \
+ -c "Maximum outgoing record payload length is 1024" \
+ -s "Maximum incoming record payload length is 1024" \
+ -s "Maximum outgoing record payload length is 512" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3016,10 +3016,10 @@
"$P_SRV debug_level=3 max_frag_len=2048" \
"$P_CLI debug_level=3 max_frag_len=1024" \
0 \
- -c "Maximum input fragment length is 1024" \
- -c "Maximum output fragment length is 1024" \
- -s "Maximum input fragment length is 1024" \
- -s "Maximum output fragment length is 1024" \
+ -c "Maximum incoming record payload length is 1024" \
+ -c "Maximum outgoing record payload length is 1024" \
+ -s "Maximum incoming record payload length is 1024" \
+ -s "Maximum outgoing record payload length is 1024" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3030,10 +3030,10 @@
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3 max_frag_len=1024" \
0 \
- -c "Maximum input fragment length is 1024" \
- -c "Maximum output fragment length is 1024" \
- -s "Maximum input fragment length is 1024" \
- -s "Maximum output fragment length is 1024" \
+ -c "Maximum incoming record payload length is 1024" \
+ -c "Maximum outgoing record payload length is 1024" \
+ -s "Maximum incoming record payload length is 1024" \
+ -s "Maximum outgoing record payload length is 1024" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3044,10 +3044,10 @@
"$P_SRV debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=2048" \
0 \
- -c "Maximum input fragment length is 2048" \
- -c "Maximum output fragment length is 2048" \
- -s "Maximum input fragment length is 2048" \
- -s "Maximum output fragment length is 512" \
+ -c "Maximum incoming record payload length is 2048" \
+ -c "Maximum outgoing record payload length is 2048" \
+ -s "Maximum incoming record payload length is 2048" \
+ -s "Maximum outgoing record payload length is 512" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3058,10 +3058,10 @@
"$P_SRV debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=2048" \
0 \
- -c "Maximum input fragment length is 2048" \
- -c "Maximum output fragment length is 2048" \
- -s "Maximum input fragment length is 2048" \
- -s "Maximum output fragment length is 1024" \
+ -c "Maximum incoming record payload length is 2048" \
+ -c "Maximum outgoing record payload length is 2048" \
+ -s "Maximum incoming record payload length is 2048" \
+ -s "Maximum outgoing record payload length is 1024" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3072,10 +3072,10 @@
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3 max_frag_len=2048" \
0 \
- -c "Maximum input fragment length is 2048" \
- -c "Maximum output fragment length is 2048" \
- -s "Maximum input fragment length is 2048" \
- -s "Maximum output fragment length is 2048" \
+ -c "Maximum incoming record payload length is 2048" \
+ -c "Maximum outgoing record payload length is 2048" \
+ -s "Maximum incoming record payload length is 2048" \
+ -s "Maximum outgoing record payload length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3086,10 +3086,10 @@
"$P_SRV debug_level=3 max_frag_len=512" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
- -c "Maximum input fragment length is 4096" \
- -c "Maximum output fragment length is 4096" \
- -s "Maximum input fragment length is 4096" \
- -s "Maximum output fragment length is 512" \
+ -c "Maximum incoming record payload length is 4096" \
+ -c "Maximum outgoing record payload length is 4096" \
+ -s "Maximum incoming record payload length is 4096" \
+ -s "Maximum outgoing record payload length is 512" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3100,10 +3100,10 @@
"$P_SRV debug_level=3 max_frag_len=1024" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
- -c "Maximum input fragment length is 4096" \
- -c "Maximum output fragment length is 4096" \
- -s "Maximum input fragment length is 4096" \
- -s "Maximum output fragment length is 1024" \
+ -c "Maximum incoming record payload length is 4096" \
+ -c "Maximum outgoing record payload length is 4096" \
+ -s "Maximum incoming record payload length is 4096" \
+ -s "Maximum outgoing record payload length is 1024" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3114,10 +3114,10 @@
"$P_SRV debug_level=3 max_frag_len=2048" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
- -c "Maximum input fragment length is 4096" \
- -c "Maximum output fragment length is 4096" \
- -s "Maximum input fragment length is 4096" \
- -s "Maximum output fragment length is 2048" \
+ -c "Maximum incoming record payload length is 4096" \
+ -c "Maximum outgoing record payload length is 4096" \
+ -s "Maximum incoming record payload length is 4096" \
+ -s "Maximum outgoing record payload length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3128,10 +3128,10 @@
"$P_SRV debug_level=3 max_frag_len=4096" \
"$P_CLI debug_level=3" \
0 \
- -c "Maximum input fragment length is $MAX_CONTENT_LEN" \
- -c "Maximum output fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum input fragment length is $MAX_CONTENT_LEN" \
- -s "Maximum output fragment length is 4096" \
+ -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
+ -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
+ -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
+ -s "Maximum outgoing record payload length is 4096" \
-C "client hello, adding max_fragment_length extension" \
-S "found max fragment length extension" \
-S "server hello, max_fragment_length extension" \
@@ -3143,8 +3143,8 @@
"$G_SRV" \
"$P_CLI debug_level=3 max_frag_len=4096" \
0 \
- -c "Maximum input fragment length is 4096" \
- -c "Maximum output fragment length is 4096" \
+ -c "Maximum incoming record payload length is 4096" \
+ -c "Maximum outgoing record payload length is 4096" \
-c "client hello, adding max_fragment_length extension" \
-c "found max_fragment_length extension"
@@ -3153,10 +3153,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
0 \
- -c "Maximum input fragment length is 2048" \
- -c "Maximum output fragment length is 2048" \
- -s "Maximum input fragment length is 2048" \
- -s "Maximum output fragment length is 2048" \
+ -c "Maximum incoming record payload length is 2048" \
+ -c "Maximum outgoing record payload length is 2048" \
+ -s "Maximum incoming record payload length is 2048" \
+ -s "Maximum outgoing record payload length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3169,10 +3169,10 @@
"$P_SRV debug_level=3" \
"$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
0 \
- -c "Maximum input fragment length is 2048" \
- -c "Maximum output fragment length is 2048" \
- -s "Maximum input fragment length is 2048" \
- -s "Maximum output fragment length is 2048" \
+ -c "Maximum incoming record payload length is 2048" \
+ -c "Maximum outgoing record payload length is 2048" \
+ -s "Maximum incoming record payload length is 2048" \
+ -s "Maximum outgoing record payload length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3186,10 +3186,10 @@
"$P_SRV debug_level=3 dtls=1" \
"$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
1 \
- -c "Maximum input fragment length is 2048" \
- -c "Maximum output fragment length is 2048" \
- -s "Maximum input fragment length is 2048" \
- -s "Maximum output fragment length is 2048" \
+ -c "Maximum incoming record payload length is 2048" \
+ -c "Maximum outgoing record payload length is 2048" \
+ -s "Maximum incoming record payload length is 2048" \
+ -s "Maximum outgoing record payload length is 2048" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -3296,10 +3296,10 @@
"$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
"$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
0 \
- -c "Maximum input fragment length is 2048" \
- -c "Maximum output fragment length is 2048" \
- -s "Maximum input fragment length is 2048" \
- -s "Maximum output fragment length is 512" \
+ -c "Maximum incoming record payload length is 2048" \
+ -c "Maximum outgoing record payload length is 2048" \
+ -s "Maximum incoming record payload length is 2048" \
+ -s "Maximum outgoing record payload length is 512" \
-c "client hello, adding max_fragment_length extension" \
-s "found max fragment length extension" \
-s "server hello, max_fragment_length extension" \
@@ -5614,17 +5614,6 @@
force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
0
-# Tests for ciphersuites per version
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_CAMELLIA_C
-requires_config_enabled MBEDTLS_AES_C
-run_test "Per-version suites: TLS 1.2" \
- "$P_SRV version_suites=TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
- "$P_CLI force_version=tls1_2" \
- 0 \
- -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
-
# Test for ClientHello without extensions
requires_gnutls
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 2ef07fa..7481c5b 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -2,13 +2,16 @@
/*----------------------------------------------------------------------------*/
/* Headers */
-#include <test/macros.h>
#include <test/helpers.h>
+#include <test/macros.h>
#include <test/random.h>
#include <test/psa_crypto_helpers.h>
#include <stdlib.h>
+#if defined (MBEDTLS_ERROR_C)
+#include "mbedtls/error.h"
+#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
@@ -28,11 +31,6 @@
#include "mbedtls/memory_buffer_alloc.h"
#endif
-#if defined(MBEDTLS_CHECK_PARAMS)
-#include "mbedtls/platform_util.h"
-#include <setjmp.h>
-#endif
-
#ifdef _MSC_VER
#include <basetsd.h>
typedef UINT8 uint8_t;
@@ -78,10 +76,6 @@
/*----------------------------------------------------------------------------*/
/* Global variables */
-#if defined(MBEDTLS_CHECK_PARAMS)
-jmp_buf jmp_tmp;
-#endif
-
/*----------------------------------------------------------------------------*/
/* Helper flags for complex dependencies */
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index ac00f45..1278d95 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -29,14 +29,6 @@
#include MBEDTLS_CONFIG_FILE
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_TEST_HOOKS)
-#include "mbedtls/error.h"
-#endif
-
/* Test code may use deprecated identifiers only if the preprocessor symbol
* MBEDTLS_TEST_DEPRECATED is defined. When building tests, set
* MBEDTLS_TEST_DEPRECATED explicitly if MBEDTLS_DEPRECATED_WARNING is
@@ -159,50 +151,6 @@
};
/**
- * \brief Execute the test function.
- *
- * This is a wrapper function around the test function execution
- * to allow the setjmp() call used to catch any calls to the
- * parameter failure callback, to be used. Calls to setjmp()
- * can invalidate the state of any local auto variables.
- *
- * \param fp Function pointer to the test function.
- * \param params Parameters to pass to the #TestWrapper_t wrapper function.
- *
- */
-void execute_function_ptr(TestWrapper_t fp, void **params)
-{
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
- mbedtls_test_enable_insecure_external_rng( );
-#endif
-
-#if defined(MBEDTLS_CHECK_PARAMS)
- mbedtls_test_param_failed_location_record_t location_record;
-
- if ( setjmp( mbedtls_test_param_failed_get_state_buf( ) ) == 0 )
- {
- fp( params );
- }
- else
- {
- /* Unexpected parameter validation error */
- mbedtls_test_param_failed_get_location_record( &location_record );
- mbedtls_test_fail( location_record.failure_condition,
- location_record.line,
- location_record.file );
- }
-
- mbedtls_test_param_failed_reset_state( );
-#else
- fp( params );
-#endif
-
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
- mbedtls_test_mutex_usage_check( );
-#endif /* MBEDTLS_TEST_MUTEX_USAGE */
-}
-
-/**
* \brief Dispatches test functions based on function index.
*
* \param func_idx Test function index.
@@ -222,7 +170,17 @@
{
fp = test_funcs[func_idx];
if ( fp )
- execute_function_ptr(fp, params);
+ {
+ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+ mbedtls_test_enable_insecure_external_rng( );
+ #endif
+
+ fp( params );
+
+ #if defined(MBEDTLS_TEST_MUTEX_USAGE)
+ mbedtls_test_mutex_usage_check( );
+ #endif /* MBEDTLS_TEST_MUTEX_USAGE */
+ }
else
ret = DISPATCH_UNSUPPORTED_SUITE;
}
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 754a167..aa3df92 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -206,9 +206,6 @@
mbedtls_aes_xts_init( &ctx );
memset( data_unit, 0x00, sizeof( data_unit ) );
-
- /* Valid pointers are passed for builds with MBEDTLS_CHECK_PARAMS, as
- * otherwise we wouldn't get to the size check we're interested in. */
TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, length, data_unit, src, output ) == retval );
}
/* END_CASE */
@@ -359,194 +356,41 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void aes_check_params( )
+/* BEGIN_CASE depends_on:NOT_DEFINED */
+void aes_invalid_mode( )
{
mbedtls_aes_context aes_ctx;
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
- mbedtls_aes_xts_context xts_ctx;
-#endif
- const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
const unsigned char in[16] = { 0 };
unsigned char out[16];
- size_t size;
- const int valid_mode = MBEDTLS_AES_ENCRYPT;
const int invalid_mode = 42;
- TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) );
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
- TEST_INVALID_PARAM( mbedtls_aes_xts_init( NULL ) );
-#endif
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_setkey_enc( NULL, key, 128 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_setkey_enc( &aes_ctx, NULL, 128 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_setkey_dec( NULL, key, 128 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_setkey_dec( &aes_ctx, NULL, 128 ) );
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_xts_setkey_enc( NULL, key, 128 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_xts_setkey_enc( &xts_ctx, NULL, 128 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_xts_setkey_dec( NULL, key, 128 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_xts_setkey_dec( &xts_ctx, NULL, 128 ) );
-#endif
-
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ecb( NULL,
- valid_mode, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ecb( &aes_ctx,
- invalid_mode, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ecb( &aes_ctx,
- valid_mode, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ecb( &aes_ctx,
- valid_mode, in, NULL ) );
+ TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_ecb( &aes_ctx, invalid_mode, in, out ) );
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cbc( NULL,
- valid_mode, 16,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cbc( &aes_ctx,
- invalid_mode, 16,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cbc( &aes_ctx,
- valid_mode, 16,
- NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cbc( &aes_ctx,
- valid_mode, 16,
- out, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cbc( &aes_ctx,
- valid_mode, 16,
- out, in, NULL ) );
+ TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cbc( &aes_ctx, invalid_mode, 16,
+ out, in, out ) );
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_XTS)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_xts( NULL,
- valid_mode, 16,
- in, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_xts( &xts_ctx,
- invalid_mode, 16,
- in, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_xts( &xts_ctx,
- valid_mode, 16,
- NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_xts( &xts_ctx,
- valid_mode, 16,
- in, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_xts( &xts_ctx,
- valid_mode, 16,
- in, in, NULL ) );
+ mbedtls_aes_xts_context xts_ctx;
+
+ TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_xts( &xts_ctx, invalid_mode, 16,
+ in, in, out ) );
#endif /* MBEDTLS_CIPHER_MODE_XTS */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( NULL,
- valid_mode, 16,
- &size, out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( &aes_ctx,
- invalid_mode, 16,
- &size, out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( &aes_ctx,
- valid_mode, 16,
- NULL, out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( &aes_ctx,
- valid_mode, 16,
- &size, NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( &aes_ctx,
- valid_mode, 16,
- &size, out, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb128( &aes_ctx,
- valid_mode, 16,
- &size, out, in, NULL ) );
+ size_t size;
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb8( NULL,
- valid_mode, 16,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb8( &aes_ctx,
- invalid_mode, 16,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb8( &aes_ctx,
- valid_mode, 16,
- NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb8( &aes_ctx,
- valid_mode, 16,
- out, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_cfb8( &aes_ctx,
- valid_mode, 16,
- out, in, NULL ) );
+ TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb128( &aes_ctx, invalid_mode, 16,
+ &size, out, in, out ) );
+ TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
+ mbedtls_aes_crypt_cfb8( &aes_ctx, invalid_mode, 16,
+ out, in, out ) );
#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ofb( NULL, 16,
- &size, out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ofb( &aes_ctx, 16,
- NULL, out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ofb( &aes_ctx, 16,
- &size, NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ofb( &aes_ctx, 16,
- &size, out, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ofb( &aes_ctx, 16,
- &size, out, in, NULL ) );
-#endif /* MBEDTLS_CIPHER_MODE_OFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( NULL, 16, &size, out,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( &aes_ctx, 16, NULL, out,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, NULL,
- out, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
- NULL, in, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
- out, NULL, out ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA,
- mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out,
- out, in, NULL ) );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
}
/* END_CASE */
@@ -569,12 +413,6 @@
size_t size;
#endif
- /* These calls accept NULL */
- TEST_VALID_PARAM( mbedtls_aes_free( NULL ) );
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
- TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) );
-#endif
-
#if defined(MBEDTLS_CIPHER_MODE_CBC)
TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT,
15,
@@ -609,6 +447,14 @@
TEST_ASSERT( mbedtls_aes_crypt_ofb( &aes_ctx, 16, &size, out, in, out )
== MBEDTLS_ERR_AES_BAD_INPUT_DATA );
#endif
+
+/*
+ * The following line needs to be added to make the code compilable
+ * when all the conditions above will be not define in a specific
+ * choice of features.
+ */
+ TEST_ASSERT( 1 );
+/* TODO: It will be removed when the whole test will be reworked */
}
/* END_CASE */
diff --git a/tests/suites/test_suite_aes.rest.data b/tests/suites/test_suite_aes.rest.data
index 6a76b43..3b43c90 100644
--- a/tests/suites/test_suite_aes.rest.data
+++ b/tests/suites/test_suite_aes.rest.data
@@ -10,8 +10,8 @@
AES-256-CBC Decrypt (Invalid input length)
aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
-AES - Optional Parameter Validation (MBEDTLS_CHECK_PARAMS)
-aes_check_params:
+AES - Mode Parameter Validation
+aes_invalid_mode:
AES - Mandatory Parameter Validation and Valid Parameters
aes_misc_params:
diff --git a/tests/suites/test_suite_aria.data b/tests/suites/test_suite_aria.data
index 8848978..94b6e7e 100644
--- a/tests/suites/test_suite_aria.data
+++ b/tests/suites/test_suite_aria.data
@@ -1,6 +1,3 @@
-ARIA - Valid parameters
-aria_valid_param:
-
ARIA - Invalid parameters
aria_invalid_param:
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function
index 6d6a203..0426324 100644
--- a/tests/suites/test_suite_aria.function
+++ b/tests/suites/test_suite_aria.function
@@ -16,18 +16,10 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE */
-void aria_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_aria_free( NULL ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:NOT_DEFINED */
void aria_invalid_param( )
{
mbedtls_aria_context ctx;
- unsigned char key[128 / 8] = { 0 };
unsigned char input[MBEDTLS_ARIA_BLOCKSIZE] = { 0 };
unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] = { 0 };
unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE] = { 0 };
@@ -35,78 +27,22 @@
((void) iv_off);
((void) iv);
-
- TEST_INVALID_PARAM( mbedtls_aria_init( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_setkey_enc( NULL, key,
- sizeof( key ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_setkey_enc( &ctx, NULL,
- sizeof( key ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_setkey_dec( NULL, key,
- sizeof( key ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_setkey_dec( &ctx, NULL,
- sizeof( key ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ecb( NULL, input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ecb( &ctx, NULL, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ecb( &ctx, input, NULL ) );
+ ((void) ctx);
+ ((void) input);
+ ((void) output);
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cbc( NULL,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
mbedtls_aria_crypt_cbc( &ctx,
42 /* invalid mode */,
sizeof( input ),
iv,
input,
output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cbc( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- NULL,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cbc( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- iv,
- NULL,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cbc( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- iv,
- input,
- NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cfb128( NULL,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- &iv_off,
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
mbedtls_aria_crypt_cfb128( &ctx,
42, /* invalid mode */
sizeof( input ),
@@ -114,91 +50,8 @@
iv,
input,
output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cfb128( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- NULL,
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cfb128( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- &iv_off,
- NULL,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cfb128( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- &iv_off,
- iv,
- NULL,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_cfb128( &ctx,
- MBEDTLS_ARIA_ENCRYPT,
- sizeof( input ),
- &iv_off,
- iv,
- input,
- NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_CFB */
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( NULL,
- sizeof( input ),
- &iv_off,
- iv,
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( &ctx,
- sizeof( input ),
- NULL,
- iv,
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( &ctx,
- sizeof( input ),
- &iv_off,
- NULL,
- iv,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( &ctx,
- sizeof( input ),
- &iv_off,
- iv,
- NULL,
- input,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( &ctx,
- sizeof( input ),
- &iv_off,
- iv,
- iv,
- NULL,
- output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA,
- mbedtls_aria_crypt_ctr( &ctx,
- sizeof( input ),
- &iv_off,
- iv,
- iv,
- input,
- NULL ) );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
exit:
return;
diff --git a/tests/suites/test_suite_blowfish.data b/tests/suites/test_suite_blowfish.data
index c9639f6..0ebb642 100644
--- a/tests/suites/test_suite_blowfish.data
+++ b/tests/suites/test_suite_blowfish.data
@@ -1,6 +1,3 @@
-BLOWFISH - Valid parameters
-blowfish_valid_param:
-
BLOWFISH - Invalid parameters
blowfish_invalid_param:
diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function
index f89353c..1fa59ee 100644
--- a/tests/suites/test_suite_blowfish.function
+++ b/tests/suites/test_suite_blowfish.function
@@ -7,159 +7,37 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE */
-void blowfish_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_blowfish_free( NULL ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:NOT_DEFINED */
void blowfish_invalid_param( )
{
mbedtls_blowfish_context ctx;
unsigned char buf[16] = { 0 };
- size_t const valid_keylength = sizeof( buf ) * 8;
- size_t valid_mode = MBEDTLS_BLOWFISH_ENCRYPT;
size_t invalid_mode = 42;
size_t off;
((void) off);
- TEST_INVALID_PARAM( mbedtls_blowfish_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_blowfish_free( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_setkey( NULL,
- buf,
- valid_keylength ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_setkey( &ctx,
- NULL,
- valid_keylength ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ecb( NULL,
- valid_mode,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
mbedtls_blowfish_crypt_ecb( &ctx,
invalid_mode,
buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ecb( &ctx,
- valid_mode,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ecb( &ctx,
- valid_mode,
- buf, NULL ) );
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cbc( NULL,
- valid_mode,
- sizeof( buf ),
- buf, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
mbedtls_blowfish_crypt_cbc( &ctx,
invalid_mode,
sizeof( buf ),
buf, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- NULL, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- buf, NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- buf, buf, NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( NULL,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
mbedtls_blowfish_crypt_cfb64( &ctx,
invalid_mode,
sizeof( buf ),
&off, buf,
buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( &ctx,
- valid_mode,
- sizeof( buf ),
- NULL, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, NULL,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_cfb64( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- buf, NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_CFB */
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( NULL,
- sizeof( buf ),
- &off,
- buf, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( &ctx,
- sizeof( buf ),
- NULL,
- buf, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- NULL, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, NULL,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, buf,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA,
- mbedtls_blowfish_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, buf,
- buf, NULL ) );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
exit:
return;
}
diff --git a/tests/suites/test_suite_camellia.data b/tests/suites/test_suite_camellia.data
index 3d11b8c..3f73abc 100644
--- a/tests/suites/test_suite_camellia.data
+++ b/tests/suites/test_suite_camellia.data
@@ -1,6 +1,3 @@
-Camellia - Valid parameters
-camellia_valid_param:
-
Camellia - Invalid parameters
camellia_invalid_param:
diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function
index 312495c..cc18d5b 100644
--- a/tests/suites/test_suite_camellia.function
+++ b/tests/suites/test_suite_camellia.function
@@ -7,167 +7,37 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE */
-void camellia_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_camellia_free( NULL ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:NOT_DEFINED */
void camellia_invalid_param( )
{
mbedtls_camellia_context ctx;
unsigned char buf[16] = { 0 };
- const size_t valid_keybits = 128;
const int invalid_mode = 42;
- const int valid_mode = MBEDTLS_CAMELLIA_ENCRYPT;
size_t off;
((void) off);
- TEST_INVALID_PARAM( mbedtls_camellia_init( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_setkey_enc( NULL,
- buf,
- valid_keybits ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_setkey_enc( &ctx,
- NULL,
- valid_keybits ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_setkey_dec( NULL,
- buf,
- valid_keybits ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_setkey_dec( &ctx,
- NULL,
- valid_keybits ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ecb( NULL,
- valid_mode,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
mbedtls_camellia_crypt_ecb( &ctx,
invalid_mode,
buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ecb( &ctx,
- valid_mode,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ecb( &ctx,
- valid_mode,
- buf, NULL ) );
#if defined(MBEDTLS_CIPHER_MODE_CBC)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cbc( NULL,
- valid_mode,
- sizeof( buf ),
- buf, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
mbedtls_camellia_crypt_cbc( &ctx,
invalid_mode,
sizeof( buf ),
buf, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- NULL, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- buf, NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cbc( &ctx,
- valid_mode,
- sizeof( buf ),
- buf, buf, NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_CIPHER_MODE_CFB)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cfb128( NULL,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
mbedtls_camellia_crypt_cfb128( &ctx,
invalid_mode,
sizeof( buf ),
&off, buf,
buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cfb128( &ctx,
- valid_mode,
- sizeof( buf ),
- NULL, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cfb128( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, NULL,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cfb128( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_cfb128( &ctx,
- valid_mode,
- sizeof( buf ),
- &off, buf,
- buf, NULL ) );
#endif /* MBEDTLS_CIPHER_MODE_CFB */
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( NULL,
- sizeof( buf ),
- &off,
- buf, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( &ctx,
- sizeof( buf ),
- NULL,
- buf, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- NULL, buf,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, NULL,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, buf,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA,
- mbedtls_camellia_crypt_ctr( &ctx,
- sizeof( buf ),
- &off,
- buf, buf,
- buf, NULL ) );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
exit:
return;
}
diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data
index 4f83468..459683b 100644
--- a/tests/suites/test_suite_ccm.data
+++ b/tests/suites/test_suite_ccm.data
@@ -1,12 +1,6 @@
CCM self test
mbedtls_ccm_self_test:
-CCM - Invalid parameters
-ccm_invalid_param:
-
-CCM - Valid parameters
-ccm_valid_param:
-
CCM init #1 AES-128: OK
depends_on:MBEDTLS_AES_C
mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:128:0
diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function
index 5a3726e..840583c 100644
--- a/tests/suites/test_suite_ccm.function
+++ b/tests/suites/test_suite_ccm.function
@@ -291,216 +291,3 @@
mbedtls_ccm_free( &ctx );
}
/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void ccm_invalid_param( )
-{
- struct mbedtls_ccm_context ctx;
- unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
- mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES;
- int valid_len = sizeof(valid_buffer);
- int valid_bitlen = valid_len * 8;
-
- mbedtls_ccm_init( &ctx );
-
- /* mbedtls_ccm_init() */
- TEST_INVALID_PARAM( mbedtls_ccm_init( NULL ) );
-
- /* mbedtls_ccm_setkey() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) );
-
- /* mbedtls_ccm_encrypt_and_tag() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- NULL, valid_len ) );
-
- /* mbedtls_ccm_star_encrypt_and_tag() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- NULL, valid_len ) );
-
- /* mbedtls_ccm_auth_decrypt() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( &ctx, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- NULL, valid_len ) );
-
- /* mbedtls_ccm_star_auth_decrypt() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL,
- valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CCM_BAD_INPUT,
- mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- NULL, valid_len ) );
-
-exit:
- mbedtls_ccm_free( &ctx );
- return;
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void ccm_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_ccm_free( NULL ) );
-exit:
- return;
-}
-/* END_CASE */
diff --git a/tests/suites/test_suite_chacha20.data b/tests/suites/test_suite_chacha20.data
index 3f9033e..8609460 100644
--- a/tests/suites/test_suite_chacha20.data
+++ b/tests/suites/test_suite_chacha20.data
@@ -22,8 +22,5 @@
ChaCha20 RFC 7539 Test Vector #3 (Decrypt)
chacha20_crypt:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000000000000000002":42:"62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1":"2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e"
-ChaCha20 Paremeter Validation
-chacha20_bad_params:
-
ChaCha20 Selftest
chacha20_self_test:
diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function
index 67c8de2..9afadb7 100644
--- a/tests/suites/test_suite_chacha20.function
+++ b/tests/suites/test_suite_chacha20.function
@@ -66,52 +66,6 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void chacha20_bad_params()
-{
- unsigned char key[32];
- unsigned char nonce[12];
- unsigned char src[1];
- unsigned char dst[1];
- uint32_t counter = 0;
- size_t len = sizeof( src );
- mbedtls_chacha20_context ctx;
-
- TEST_INVALID_PARAM( mbedtls_chacha20_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_chacha20_free( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_setkey( NULL, key ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_setkey( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_starts( NULL, nonce, counter ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_starts( &ctx, NULL, counter ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_update( NULL, 0, src, dst ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_update( &ctx, len, NULL, dst ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_update( &ctx, len, src, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_crypt( NULL, nonce, counter, 0, src, dst ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_crypt( key, NULL, counter, 0, src, dst ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_crypt( key, nonce, counter, len, NULL, dst ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
- mbedtls_chacha20_crypt( key, nonce, counter, len, src, NULL ) );
-
-exit:
- return;
-
-}
-/* END_CASE */
-
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void chacha20_self_test()
{
diff --git a/tests/suites/test_suite_chachapoly.data b/tests/suites/test_suite_chachapoly.data
index 34cb568..02c7bf3 100644
--- a/tests/suites/test_suite_chachapoly.data
+++ b/tests/suites/test_suite_chachapoly.data
@@ -19,9 +19,6 @@
ChaCha20-Poly1305 State Flow
chachapoly_state:
-ChaCha20-Poly1305 Parameter Validation
-chachapoly_bad_params:
-
ChaCha20-Poly1305 Selftest
depends_on:MBEDTLS_SELF_TEST
chachapoly_selftest:
diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function
index 96128e4..2e1e7b2 100644
--- a/tests/suites/test_suite_chachapoly.function
+++ b/tests/suites/test_suite_chachapoly.function
@@ -66,137 +66,6 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void chachapoly_bad_params()
-{
- unsigned char key[32];
- unsigned char nonce[12];
- unsigned char aad[1];
- unsigned char input[1];
- unsigned char output[1];
- unsigned char mac[16];
- size_t input_len = sizeof( input );
- size_t aad_len = sizeof( aad );
- mbedtls_chachapoly_context ctx;
-
- memset( key, 0x00, sizeof( key ) );
- memset( nonce, 0x00, sizeof( nonce ) );
- memset( aad, 0x00, sizeof( aad ) );
- memset( input, 0x00, sizeof( input ) );
- memset( output, 0x00, sizeof( output ) );
- memset( mac, 0x00, sizeof( mac ) );
-
- TEST_INVALID_PARAM( mbedtls_chachapoly_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_chachapoly_free( NULL ) );
-
- /* setkey */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_setkey( NULL, key ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_setkey( &ctx, NULL ) );
-
- /* encrypt_and_tag */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( NULL,
- 0, nonce,
- aad, 0,
- input, output, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( &ctx,
- 0, NULL,
- aad, 0,
- input, output, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( &ctx,
- 0, nonce,
- NULL, aad_len,
- input, output, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( &ctx,
- input_len, nonce,
- aad, 0,
- NULL, output, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( &ctx,
- input_len, nonce,
- aad, 0,
- input, NULL, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_encrypt_and_tag( &ctx,
- 0, nonce,
- aad, 0,
- input, output, NULL ) );
-
- /* auth_decrypt */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( NULL,
- 0, nonce,
- aad, 0,
- mac, input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( &ctx,
- 0, NULL,
- aad, 0,
- mac, input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( &ctx,
- 0, nonce,
- NULL, aad_len,
- mac, input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( &ctx,
- 0, nonce,
- aad, 0,
- NULL, input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( &ctx,
- input_len, nonce,
- aad, 0,
- mac, NULL, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_auth_decrypt( &ctx,
- input_len, nonce,
- aad, 0,
- mac, input, NULL ) );
-
- /* starts */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_starts( NULL, nonce,
- MBEDTLS_CHACHAPOLY_ENCRYPT ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_starts( &ctx, NULL,
- MBEDTLS_CHACHAPOLY_ENCRYPT ) );
-
- /* update_aad */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_update_aad( NULL, aad,
- aad_len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_update_aad( &ctx, NULL,
- aad_len ) );
-
- /* update */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_update( NULL, input_len,
- input, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_update( &ctx, input_len,
- NULL, output ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_update( &ctx, input_len,
- input, NULL ) );
-
- /* finish */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_finish( NULL, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_chachapoly_finish( &ctx, NULL ) );
-
-exit:
- return;
-}
-/* END_CASE */
-
/* BEGIN_CASE */
void chachapoly_state()
{
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 3d3f6a3..674349f 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -207,327 +207,27 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:NOT_DEFINED */
void cipher_invalid_param_conditional( )
{
mbedtls_cipher_context_t valid_ctx;
- mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT;
mbedtls_operation_t invalid_operation = 100;
- mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS;
unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
int valid_size = sizeof(valid_buffer);
int valid_bitlen = valid_size * 8;
const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
*( mbedtls_cipher_list() ) );
- size_t size_t_var;
-
- (void)valid_mode; /* In some configurations this is unused */
-
- /* mbedtls_cipher_init() */
- TEST_VALID_PARAM( mbedtls_cipher_init( &valid_ctx ) );
- TEST_INVALID_PARAM( mbedtls_cipher_init( NULL ) );
-
- /* mbedtls_cipher_setup() */
- TEST_VALID_PARAM( mbedtls_cipher_setup( &valid_ctx, valid_info ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_setup( NULL, valid_info ) );
-
- /* mbedtls_cipher_get_block_size() */
- TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_block_size( NULL ) );
-
- /* mbedtls_cipher_get_cipher_mode() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_MODE_NONE,
- mbedtls_cipher_get_cipher_mode( NULL ) );
-
- /* mbedtls_cipher_get_iv_size() */
- TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_iv_size( NULL ) );
-
- /* mbedtls_cipher_get_type() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_CIPHER_NONE,
- mbedtls_cipher_get_type( NULL ) );
-
- /* mbedtls_cipher_get_name() */
- TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_name( NULL ) );
-
- /* mbedtls_cipher_get_key_bitlen() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_KEY_LENGTH_NONE,
- mbedtls_cipher_get_key_bitlen( NULL ) );
-
- /* mbedtls_cipher_get_operation() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_OPERATION_NONE,
- mbedtls_cipher_get_operation( NULL ) );
-
- /* mbedtls_cipher_setkey() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_setkey( NULL,
- valid_buffer,
- valid_bitlen,
- valid_operation ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_setkey( &valid_ctx,
- NULL,
- valid_bitlen,
- valid_operation ) );
- TEST_INVALID_PARAM_RET(
+ TEST_EQUAL(
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
mbedtls_cipher_setkey( &valid_ctx,
valid_buffer,
valid_bitlen,
invalid_operation ) );
- /* mbedtls_cipher_set_iv() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_set_iv( NULL,
- valid_buffer,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_set_iv( &valid_ctx,
- NULL,
- valid_size ) );
-
- /* mbedtls_cipher_reset() */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_reset( NULL ) );
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- /* mbedtls_cipher_update_ad() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update_ad( NULL,
- valid_buffer,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update_ad( &valid_ctx,
- NULL,
- valid_size ) );
-#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
- /* mbedtls_cipher_set_padding_mode() */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_set_padding_mode( NULL, valid_mode ) );
-#endif
-
- /* mbedtls_cipher_update() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update( NULL,
- valid_buffer,
- valid_size,
- valid_buffer,
- &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update( &valid_ctx,
- NULL, valid_size,
- valid_buffer,
- &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update( &valid_ctx,
- valid_buffer, valid_size,
- NULL,
- &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_update( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer,
- NULL ) );
-
- /* mbedtls_cipher_finish() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_finish( NULL,
- valid_buffer,
- &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_finish( &valid_ctx,
- NULL,
- &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_finish( &valid_ctx,
- valid_buffer,
- NULL ) );
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
- /* mbedtls_cipher_write_tag() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_write_tag( NULL,
- valid_buffer,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_write_tag( &valid_ctx,
- NULL,
- valid_size ) );
-
- /* mbedtls_cipher_check_tag() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_check_tag( NULL,
- valid_buffer,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_check_tag( &valid_ctx,
- NULL,
- valid_size ) );
-#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
-
- /* mbedtls_cipher_crypt() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_crypt( NULL,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_crypt( &valid_ctx,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_crypt( &valid_ctx,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_crypt( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, &size_t_var ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_crypt( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, NULL ) );
-
-#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
- /* mbedtls_cipher_auth_encrypt_ext */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( NULL,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, NULL,
- valid_size ) );
-
- /* mbedtls_cipher_auth_decrypt_ext */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( NULL,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, valid_size,
- valid_buffer, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- NULL, valid_size, &size_t_var,
- valid_size ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
- mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size,
- valid_buffer, valid_size, NULL,
- valid_size ) );
-#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
-
- /* mbedtls_cipher_free() */
- TEST_VALID_PARAM( mbedtls_cipher_free( NULL ) );
exit:
- TEST_VALID_PARAM( mbedtls_cipher_free( &valid_ctx ) );
+ ;
}
/* END_CASE */
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index c3ffe3b..a46f21c 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -288,7 +288,7 @@
/* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT).
* Make sure it's detected as an error and doesn't cause memory
* corruption. */
- TEST_ASSERT( mbedtls_ctr_drbg_update_ret(
+ TEST_ASSERT( mbedtls_ctr_drbg_update(
&ctx, entropy, sizeof( entropy ) ) != 0 );
/* Now enable PR, so the next few calls should all reseed */
diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data
index c4795b6..e5fb428 100644
--- a/tests/suites/test_suite_dhm.data
+++ b/tests/suites/test_suite_dhm.data
@@ -1,26 +1,89 @@
-Diffie-Hellman parameter validation
-dhm_invalid_params:
+Diffie-Hellman full exchange: tiny x_size
+dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
-Diffie-Hellman full exchange #1
-dhm_do_dhm:10:"23":10:"5":0
+Diffie-Hellman full exchange: 5-bit, x_size=3
+dhm_do_dhm:10:"23":3:10:"5":0
-Diffie-Hellman full exchange #2
-dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622":0
+Diffie-Hellman full exchange: 5-bit, x_size=2
+dhm_do_dhm:10:"23":2:10:"5":0
-Diffie-Hellman full exchange #3
-dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":10:"9345098309485093845098340962223981329819812792137312973297123912791271":0
+## Repeat this test case and a few similar ones several times. The RNG state
+## changes, so we get to exercise the code with a few different values.
+Diffie-Hellman full exchange: 5-bit #1
+dhm_do_dhm:10:"23":1:10:"5":0
+
+Diffie-Hellman full exchange: 5-bit #2
+dhm_do_dhm:10:"23":1:10:"5":0
+
+Diffie-Hellman full exchange: 5-bit #3
+dhm_do_dhm:10:"23":1:10:"5":0
+
+Diffie-Hellman full exchange: 5-bit #4
+dhm_do_dhm:10:"23":1:10:"5":0
+
+Diffie-Hellman full exchange: 5-bit #5
+dhm_do_dhm:10:"23":1:10:"5":0
+
+## This is x_size = P_size + 1. Arguably x_size > P_size makes no sense,
+## but it's the current undocumented behavior to treat it the same as when
+## x_size = P_size. If this behavior changes in the future, change the expected
+## return status from 0 to MBEDTLS_ERR_DHM_BAD_INPUT_DATA.
+Diffie-Hellman full exchange: 97-bit, x_size=14
+dhm_do_dhm:10:"93450983094850938450983409623":14:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit #1
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit #2
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit #3
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit #4
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit #5
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit, x_size=12
+dhm_do_dhm:10:"93450983094850938450983409623":12:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit, x_size=11
+dhm_do_dhm:10:"93450983094850938450983409623":11:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit, x_size=1 #1
+dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit, x_size=1 #2
+dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit, x_size=1 #3
+dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit, x_size=1 #4
+dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit, x_size=1 #5
+dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 286-bit
+dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":36:10:"9345098309485093845098340962223981329819812792137312973297123912791271":0
Diffie-Hellman trivial subgroup #1
-dhm_do_dhm:10:"23":10:"1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+dhm_do_dhm:10:"23":1:10:"1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
Diffie-Hellman trivial subgroup #2
-dhm_do_dhm:10:"23":10:"-1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+dhm_do_dhm:10:"23":1:10:"-1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
Diffie-Hellman small modulus
-dhm_do_dhm:10:"3":10:"5":MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED
+dhm_do_dhm:10:"3":1:10:"5":MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED+MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Diffie-Hellman zero modulus
-dhm_do_dhm:10:"0":10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+dhm_do_dhm:10:"0":1:10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+
+Diffie-Hellman: x_size < 0
+dhm_do_dhm:10:"93450983094850938450983409623":-1:10:"9345098304850938450983409622":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
Diffie-Hellman MPI_MAX_SIZE modulus
dhm_make_public:MBEDTLS_MPI_MAX_SIZE:10:"5":0
diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function
index 1726b9e..62e634a 100644
--- a/tests/suites/test_suite_dhm.function
+++ b/tests/suites/test_suite_dhm.function
@@ -1,5 +1,85 @@
/* BEGIN_HEADER */
#include "mbedtls/dhm.h"
+
+int check_get_value( const mbedtls_dhm_context *ctx,
+ mbedtls_dhm_parameter param,
+ const mbedtls_mpi *expected )
+{
+ mbedtls_mpi actual;
+ int ok = 0;
+ mbedtls_mpi_init( &actual );
+
+ TEST_ASSERT( mbedtls_dhm_get_value( ctx, param, &actual ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &actual, expected ) == 0 );
+ ok = 1;
+
+exit:
+ mbedtls_mpi_free( &actual );
+ return( ok );
+}
+
+/* Sanity checks on a Diffie-Hellman parameter: check the length-value
+ * syntax and check that the value is the expected one (taken from the
+ * DHM context by the caller). */
+static int check_dhm_param_output( const mbedtls_mpi *expected,
+ const unsigned char *buffer,
+ size_t size,
+ size_t *offset )
+{
+ size_t n;
+ mbedtls_mpi actual;
+ int ok = 0;
+ mbedtls_mpi_init( &actual );
+
+ ++mbedtls_test_info.step;
+
+ TEST_ASSERT( size >= *offset + 2 );
+ n = ( buffer[*offset] << 8 ) | buffer[*offset + 1];
+ *offset += 2;
+ /* The DHM param output from Mbed TLS has leading zeros stripped, as
+ * permitted but not required by RFC 5246 \S4.4. */
+ TEST_EQUAL( n, mbedtls_mpi_size( expected ) );
+ TEST_ASSERT( size >= *offset + n );
+ TEST_EQUAL( 0, mbedtls_mpi_read_binary( &actual, buffer + *offset, n ) );
+ TEST_EQUAL( 0, mbedtls_mpi_cmp_mpi( expected, &actual ) );
+ *offset += n;
+
+ ok = 1;
+exit:
+ mbedtls_mpi_free( &actual );
+ return( ok );
+}
+
+/* Sanity checks on Diffie-Hellman parameters: syntax, range, and comparison
+ * against the context. */
+static int check_dhm_params( const mbedtls_dhm_context *ctx,
+ size_t x_size,
+ const unsigned char *ske, size_t ske_len )
+{
+ size_t offset = 0;
+
+ /* Check that ctx->X and ctx->GX are within range. */
+ TEST_ASSERT( mbedtls_mpi_cmp_int( &ctx->X, 1 ) > 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) < 0 );
+ TEST_ASSERT( mbedtls_mpi_size( &ctx->X ) <= x_size );
+ TEST_ASSERT( mbedtls_mpi_cmp_int( &ctx->GX, 1 ) > 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx->GX, &ctx->P ) < 0 );
+
+ /* Check ske: it must contain P, G and G^X, each prefixed with a
+ * 2-byte size. */
+ if( !check_dhm_param_output( &ctx->P, ske, ske_len, &offset ) )
+ goto exit;
+ if( !check_dhm_param_output( &ctx->G, ske, ske_len, &offset ) )
+ goto exit;
+ if( !check_dhm_param_output( &ctx->GX, ske, ske_len, &offset ) )
+ goto exit;
+ TEST_EQUAL( offset, ske_len );
+
+ return( 1 );
+exit:
+ return( 0 );
+}
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -7,115 +87,8 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void dhm_invalid_params( )
-{
- mbedtls_dhm_context ctx;
- unsigned char buf[42] = { 0 };
- unsigned char *buf_null = NULL;
- mbedtls_mpi X;
- size_t const buflen = sizeof( buf );
- size_t len;
-
- TEST_INVALID_PARAM( mbedtls_dhm_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_dhm_free( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_params( NULL,
- (unsigned char**) &buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_params( &ctx, &buf_null, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_params( &ctx, NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_params( &ctx,
- (unsigned char**) &buf,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_params( NULL, buflen,
- buf, &len,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_params( &ctx, buflen,
- NULL, &len,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_params( &ctx, buflen,
- buf, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_params( &ctx, buflen,
- buf, &len,
- NULL,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_set_group( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_set_group( &ctx, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_set_group( &ctx, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_public( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_read_public( &ctx, NULL, buflen ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_public( NULL, buflen,
- buf, buflen,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_public( &ctx, buflen,
- NULL, buflen,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_make_public( &ctx, buflen,
- buf, buflen,
- NULL,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_calc_secret( NULL, buf, buflen, &len,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_calc_secret( &ctx, NULL, buflen, &len,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_calc_secret( &ctx, buf, buflen, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_parse_dhm( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_parse_dhm( &ctx, NULL, buflen ) );
-
-#if defined(MBEDTLS_FS_IO)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_parse_dhmfile( NULL, "" ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_parse_dhmfile( &ctx, NULL ) );
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-exit:
- return;
-}
-/* END_CASE */
-
/* BEGIN_CASE */
-void dhm_do_dhm( int radix_P, char *input_P,
+void dhm_do_dhm( int radix_P, char *input_P, int x_size,
int radix_G, char *input_G, int result )
{
mbedtls_dhm_context ctx_srv;
@@ -129,7 +102,7 @@
size_t pub_cli_len = 0;
size_t sec_srv_len;
size_t sec_cli_len;
- int x_size, i;
+ int i;
mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_dhm_init( &ctx_srv );
@@ -145,21 +118,28 @@
*/
TEST_ASSERT( mbedtls_mpi_read_string( &ctx_srv.P, radix_P, input_P ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &ctx_srv.G, radix_G, input_G ) == 0 );
- x_size = mbedtls_mpi_size( &ctx_srv.P );
- pub_cli_len = x_size;
+ pub_cli_len = mbedtls_mpi_size( &ctx_srv.P );
+ TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_P, &ctx_srv.P ) );
+ TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_G, &ctx_srv.G ) );
/*
* First key exchange
*/
+ mbedtls_test_set_step( 10 );
TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == result );
if ( result != 0 )
goto exit;
+ if( !check_dhm_params( &ctx_srv, x_size, ske, ske_len ) )
+ goto exit;
ske[ske_len++] = 0;
ske[ske_len++] = 0;
TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 );
+ /* The domain parameters must be the same on both side. */
+ TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_P, &ctx_srv.P ) );
+ TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_G, &ctx_srv.G ) );
TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len,
&mbedtls_test_rnd_pseudo_rand,
@@ -176,9 +156,21 @@
TEST_ASSERT( sec_srv_len != 0 );
TEST_ASSERT( memcmp( sec_srv, sec_cli, sec_srv_len ) == 0 );
+ /* Internal value checks */
+ TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_X, &ctx_cli.X ) );
+ TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_X, &ctx_srv.X ) );
+ /* Cross-checks */
+ TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_GX, &ctx_srv.GY ) );
+ TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_GY, &ctx_srv.GX ) );
+ TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_K, &ctx_srv.K ) );
+ TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_GX, &ctx_cli.GY ) );
+ TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_GY, &ctx_cli.GX ) );
+ TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_K, &ctx_cli.K ) );
+
/* Re-do calc_secret on server a few times to test update of blinding values */
for( i = 0; i < 3; i++ )
{
+ mbedtls_test_set_step( 20 + i );
sec_srv_len = 1000;
TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv,
sizeof( sec_srv ), &sec_srv_len,
@@ -195,9 +187,12 @@
*/
p = ske;
+ mbedtls_test_set_step( 30 );
TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
+ if( !check_dhm_params( &ctx_srv, x_size, ske, ske_len ) )
+ goto exit;
ske[ske_len++] = 0;
ske[ske_len++] = 0;
TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 );
@@ -267,9 +262,10 @@
TEST_ASSERT( mbedtls_dhm_parse_dhmfile( &ctx, filename ) == 0 );
- TEST_ASSERT( ctx.len == (size_t) len );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.G, &G ) == 0 );
+ TEST_EQUAL( mbedtls_dhm_get_len( &ctx ), (size_t) len );
+ TEST_EQUAL( mbedtls_dhm_get_bitlen( &ctx ), mbedtls_mpi_bitlen( &P ) );
+ TEST_ASSERT( check_get_value( &ctx, MBEDTLS_DHM_PARAM_P, &P ) );
+ TEST_ASSERT( check_get_value( &ctx, MBEDTLS_DHM_PARAM_G, &G ) );
exit:
mbedtls_mpi_free( &P ); mbedtls_mpi_free( &G );
diff --git a/tests/suites/test_suite_ecdh.data b/tests/suites/test_suite_ecdh.data
index fb4a232..cc58432 100644
--- a/tests/suites/test_suite_ecdh.data
+++ b/tests/suites/test_suite_ecdh.data
@@ -1,6 +1,3 @@
-ECDH - Valid parameters
-ecdh_valid_param:
-
ECDH - Invalid parameters
ecdh_invalid_param:
@@ -76,10 +73,6 @@
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE":0:250:0:0
-ECDH exchange legacy context
-depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-ecdh_exchange_legacy:MBEDTLS_ECP_DP_SECP192R1
-
ECDH calc_secret: ours first, SECP256R1 (RFC 5903)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_SECP256R1:"c6ef9c5d78ae012a011164acb397ce2088685d8f06bf9be0b283ab46476bee53":"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":0:"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function
index 3ab96fa..6e8459d 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -43,141 +43,17 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE */
-void ecdh_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_ecdh_free( NULL ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:NOT_DEFINED */
void ecdh_invalid_param( )
{
- mbedtls_ecp_group grp;
mbedtls_ecdh_context ctx;
- mbedtls_mpi m;
- mbedtls_ecp_point P;
mbedtls_ecp_keypair kp;
- size_t olen;
- unsigned char buf[42] = { 0 };
- const unsigned char *buf_null = NULL;
- size_t const buflen = sizeof( buf );
int invalid_side = 42;
- mbedtls_ecp_group_id valid_grp = MBEDTLS_ECP_DP_SECP192R1;
- TEST_INVALID_PARAM( mbedtls_ecdh_init( NULL ) );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_INVALID_PARAM( mbedtls_ecdh_enable_restart( NULL ) );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_gen_public( NULL, &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_gen_public( &grp, NULL, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_gen_public( &grp, &m, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_gen_public( &grp, &m, &P,
- NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_compute_shared( NULL, &m, &P, &m,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_compute_shared( &grp, NULL, &P, &m,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_compute_shared( &grp, &m, NULL, &m,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_compute_shared( &grp, &m, &P, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_setup( NULL, valid_grp ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_params( NULL, &olen, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_params( &ctx, NULL, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_params( &ctx, &olen, NULL, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_params( &ctx, &olen, buf, buflen, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_params( NULL,
- (const unsigned char**) &buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_params( &ctx, &buf_null,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_params( &ctx, NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_params( &ctx,
- (const unsigned char**) &buf,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_get_params( NULL, &kp,
- MBEDTLS_ECDH_OURS ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_get_params( &ctx, NULL,
- MBEDTLS_ECDH_OURS ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdh_get_params( &ctx, &kp,
invalid_side ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_public( NULL, &olen, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_public( &ctx, NULL, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_public( &ctx, &olen, NULL, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_public( &ctx, &olen, buf, buflen, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_public( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_read_public( &ctx, NULL, buflen ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
exit:
return;
}
@@ -240,6 +116,8 @@
rnd_info_A.buf = rnd_buf_A->x;
rnd_info_A.length = rnd_buf_A->len;
+ rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ rnd_info_A.fallback_p_rng = NULL;
/* Fix rnd_buf_A->x by shifting it left if necessary */
if( grp.nbits % 8 != 0 )
@@ -256,6 +134,8 @@
rnd_info_B.buf = rnd_buf_B->x;
rnd_info_B.length = rnd_buf_B->len;
+ rnd_info_B.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ rnd_info_B.fallback_p_rng = NULL;
/* Fix rnd_buf_B->x by shifting it left if necessary */
if( grp.nbits % 8 != 0 )
@@ -362,9 +242,13 @@
mbedtls_ecdh_init( &srv );
mbedtls_ecdh_init( &cli );
+ rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ rnd_info_A.fallback_p_rng = NULL;
rnd_info_A.buf = dA->x;
rnd_info_A.length = dA->len;
+ rnd_info_B.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ rnd_info_B.fallback_p_rng = NULL;
rnd_info_B.buf = dB->x;
rnd_info_B.length = dB->len;
@@ -465,47 +349,6 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_ECDH_LEGACY_CONTEXT */
-void ecdh_exchange_legacy( int id )
-{
- mbedtls_ecdh_context srv, cli;
- unsigned char buf[1000];
- const unsigned char *vbuf;
- size_t len;
-
- mbedtls_test_rnd_pseudo_info rnd_info;
-
- mbedtls_ecdh_init( &srv );
- mbedtls_ecdh_init( &cli );
- memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
-
- TEST_ASSERT( mbedtls_ecp_group_load( &srv.grp, id ) == 0 );
-
- memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
- TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
-
- memset( buf, 0x00, sizeof( buf ) );
- TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
-
- TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL,
- NULL ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &srv.z, &cli.z ) == 0 );
-
-exit:
- mbedtls_ecdh_free( &srv );
- mbedtls_ecdh_free( &cli );
-}
-/* END_CASE */
-
/* BEGIN_CASE */
void ecdh_exchange_calc_secret( int grp_id,
data_t *our_private_key,
diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data
index e510c50..95efc73 100644
--- a/tests/suites/test_suite_ecdsa.data
+++ b/tests/suites/test_suite_ecdsa.data
@@ -1,6 +1,3 @@
-ECDSA Parameter validation
-ecdsa_invalid_param:
-
ECDSA primitive hash zero #1
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP192R1
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 58cedc1..354f178 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -7,203 +7,6 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void ecdsa_invalid_param( )
-{
- mbedtls_ecdsa_context ctx;
- mbedtls_ecp_keypair key;
- mbedtls_ecp_group grp;
- mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1;
- mbedtls_ecp_point P;
- mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
- mbedtls_mpi m;
- size_t slen;
- unsigned char buf[42] = { 0 };
-
- TEST_INVALID_PARAM( mbedtls_ecdsa_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_ecdsa_free( NULL ) );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_INVALID_PARAM( mbedtls_ecdsa_restart_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_ecdsa_restart_free( NULL ) );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( NULL, &m, &m, &m,
- buf, sizeof( buf ),
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( &grp, NULL, &m, &m,
- buf, sizeof( buf ),
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( &grp, &m, NULL, &m,
- buf, sizeof( buf ),
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( &grp, &m, &m, NULL,
- buf, sizeof( buf ),
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( &grp, &m, &m, &m,
- NULL, sizeof( buf ),
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign( &grp, &m, &m, &m,
- buf, sizeof( buf ),
- NULL, NULL ) );
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m,
- buf, sizeof( buf ),
- valid_md,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign_det_ext( &grp, NULL, &m, &m,
- buf, sizeof( buf ),
- valid_md,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m,
- buf, sizeof( buf ),
- valid_md,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL,
- buf, sizeof( buf ),
- valid_md,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m,
- NULL, sizeof( buf ),
- valid_md,
- mbedtls_test_rnd_std_rand,
- NULL ) );
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_verify( NULL,
- buf, sizeof( buf ),
- &P, &m, &m ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_verify( &grp,
- NULL, sizeof( buf ),
- &P, &m, &m ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_verify( &grp,
- buf, sizeof( buf ),
- NULL, &m, &m ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_verify( &grp,
- buf, sizeof( buf ),
- &P, NULL, &m ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_verify( &grp,
- buf, sizeof( buf ),
- &P, &m, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature( NULL, valid_md, buf, sizeof( buf ),
- buf, &slen, mbedtls_test_rnd_std_rand,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature( &ctx, valid_md, NULL, sizeof( buf ),
- buf, &slen, mbedtls_test_rnd_std_rand,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ),
- NULL, &slen, mbedtls_test_rnd_std_rand,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ),
- buf, NULL, mbedtls_test_rnd_std_rand,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature_restartable( NULL, valid_md, buf,
- sizeof( buf ), buf, &slen,
- mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, NULL,
- sizeof( buf ), buf, &slen,
- mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf,
- sizeof( buf ), NULL, &slen,
- mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf,
- sizeof( buf ), buf, NULL,
- mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature( NULL,
- buf, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature( &ctx,
- NULL, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature( &ctx,
- buf, sizeof( buf ),
- NULL, sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature_restartable( NULL,
- buf, sizeof( buf ),
- buf, sizeof( buf ),
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature_restartable( &ctx,
- NULL, sizeof( buf ),
- buf, sizeof( buf ),
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_read_signature_restartable( &ctx,
- buf, sizeof( buf ),
- NULL, sizeof( buf ),
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_genkey( NULL, valid_group,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_genkey( &ctx, valid_group,
- NULL, NULL ) );
-
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_from_keypair( NULL, &key ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_from_keypair( &ctx, NULL ) );
-
-exit:
- return;
-}
-/* END_CASE */
-
/* BEGIN_CASE */
void ecdsa_prim_zero( int id )
{
@@ -292,6 +95,8 @@
TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
+ rnd_info.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ rnd_info.fallback_p_rng = NULL;
rnd_info.buf = rnd_buf->x;
rnd_info.length = rnd_buf->len;
diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function
index ab672a8..311733b 100644
--- a/tests/suites/test_suite_ecjpake.function
+++ b/tests/suites/test_suite_ecjpake.function
@@ -98,100 +98,22 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:NOT_DEFINED */
void ecjpake_invalid_param( )
{
mbedtls_ecjpake_context ctx;
unsigned char buf[42] = { 0 };
- size_t olen;
size_t const len = sizeof( buf );
- mbedtls_ecjpake_role valid_role = MBEDTLS_ECJPAKE_SERVER;
mbedtls_ecjpake_role invalid_role = (mbedtls_ecjpake_role) 42;
mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP256R1;
- TEST_INVALID_PARAM( mbedtls_ecjpake_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_ecjpake_free( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_setup( NULL,
- valid_role,
- valid_md,
- valid_group,
- buf, len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecjpake_setup( &ctx,
invalid_role,
valid_md,
valid_group,
buf, len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_setup( &ctx,
- valid_role,
- valid_md,
- valid_group,
- NULL, len ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_check( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_one( NULL, buf, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_one( &ctx, NULL, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_one( &ctx, buf, len, NULL,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_one( &ctx, buf, len, &olen, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_two( NULL, buf, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_two( &ctx, NULL, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_two( &ctx, buf, len, NULL,
- mbedtls_test_rnd_std_rand, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_two( &ctx, buf, len, &olen, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_read_round_one( NULL,
- buf, len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_read_round_one( &ctx,
- NULL, len ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_read_round_two( NULL,
- buf, len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_read_round_two( &ctx,
- NULL, len ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_derive_secret( NULL, buf, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_derive_secret( &ctx, NULL, len, &olen,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_derive_secret( &ctx, buf, len, NULL,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_derive_secret( &ctx, buf, len, &olen, NULL, NULL ) );
exit:
return;
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 106791c..485046f 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -1,6 +1,3 @@
-ECP valid params
-ecp_valid_param:
-
ECP invalid params
ecp_invalid_param:
@@ -276,6 +273,42 @@
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_gen_key:MBEDTLS_ECP_DP_SECP192R1
+ECP generate Montgomery key: Curve25519, random in range
+genkey_mx_known_answer:254:"9e020406080a0c0e10121416181a1c1e20222426282a2c2e30323436383a3df0":"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1ef8"
+
+ECP generate Montgomery key: Curve25519, clear higher bit
+genkey_mx_known_answer:254:"ff0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1ef8":"7f808101820283038404850586068707880889098a0a8b0b8c0c8d0d8e0e8f78"
+
+ECP generate Montgomery key: Curve25519, clear low bits
+genkey_mx_known_answer:254:"9e020406080a0c0e10121416181a1c1e20222426282a2c2e30323436383a3dff":"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1ef8"
+
+ECP generate Montgomery key: Curve25519, random = all-bits-zero
+genkey_mx_known_answer:254:"0000000000000000000000000000000000000000000000000000000000000000":"4000000000000000000000000000000000000000000000000000000000000000"
+
+ECP generate Montgomery key: Curve25519, random = all-bits-one
+genkey_mx_known_answer:254:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff8"
+
+ECP generate Montgomery key: Curve25519, not enough entropy
+genkey_mx_known_answer:254:"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":""
+
+ECP generate Montgomery key: Curve448, random in range
+genkey_mx_known_answer:447:"cf0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536fc":"cf0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536fc"
+
+ECP generate Montgomery key: Curve448, set high bit
+genkey_mx_known_answer:447:"0f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536fc":"8f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536fc"
+
+ECP generate Montgomery key: Curve448, clear low bits
+genkey_mx_known_answer:447:"cf0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536ff":"cf0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536fc"
+
+ECP generate Montgomery key: Curve448, random = all-bits-zero
+genkey_mx_known_answer:447:"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+
+ECP generate Montgomery key: Curve448, random = all-bits-one
+genkey_mx_known_answer:447:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc"
+
+ECP generate Montgomery key: Curve448, not enough entropy
+genkey_mx_known_answer:447:"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536":""
+
ECP read key #1 (short weierstrass, too small)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"00":MBEDTLS_ERR_ECP_INVALID_KEY:0
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 6d23377..f2b6376 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -15,6 +15,7 @@
#define ECP_PT_RESET( x ) \
mbedtls_ecp_point_free( x ); \
mbedtls_ecp_point_init( x );
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -22,347 +23,26 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE */
-void ecp_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_ecp_group_free( NULL ) );
- TEST_VALID_PARAM( mbedtls_ecp_keypair_free( NULL ) );
- TEST_VALID_PARAM( mbedtls_ecp_point_free( NULL ) );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_VALID_PARAM( mbedtls_ecp_restart_free( NULL ) );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-exit:
- return;
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:NOT_DEFINED */
void ecp_invalid_param( )
{
mbedtls_ecp_group grp;
- mbedtls_ecp_keypair kp;
mbedtls_ecp_point P;
- mbedtls_mpi m;
- const char *x = "deadbeef";
- int valid_fmt = MBEDTLS_ECP_PF_UNCOMPRESSED;
int invalid_fmt = 42;
size_t olen;
unsigned char buf[42] = { 0 };
- const unsigned char *null_buf = NULL;
- mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1;
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- mbedtls_ecp_restart_ctx restart_ctx;
-#endif /* MBEDTLS_ECP_RESTARTABLE */
- TEST_INVALID_PARAM( mbedtls_ecp_point_init( NULL ) );
- TEST_INVALID_PARAM( mbedtls_ecp_keypair_init( NULL ) );
- TEST_INVALID_PARAM( mbedtls_ecp_group_init( NULL ) );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_INVALID_PARAM( mbedtls_ecp_restart_init( NULL ) );
- TEST_INVALID_PARAM( mbedtls_ecp_check_budget( NULL, &restart_ctx, 42 ) );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_copy( NULL, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_copy( &P, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_group_copy( NULL, &grp ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_group_copy( &grp, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_privkey( NULL,
- &m,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_privkey( &grp,
- NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_privkey( &grp,
- &m,
- NULL,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_set_zero( NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_is_zero( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_cmp( NULL, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_cmp( &P, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_string( NULL, 2,
- x, x ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_string( &P, 2,
- NULL, x ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_string( &P, 2,
- x, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_write_binary( NULL, &P,
- valid_fmt,
- &olen,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_write_binary( &grp, NULL,
- valid_fmt,
- &olen,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_point_write_binary( &grp, &P,
invalid_fmt,
&olen,
buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_write_binary( &grp, &P,
- valid_fmt,
- NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_write_binary( &grp, &P,
- valid_fmt,
- &olen,
- NULL, sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_binary( NULL, &P, buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_binary( &grp, NULL, buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_point_read_binary( &grp, &P, NULL,
- sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_point( NULL, &P,
- (const unsigned char **) &buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_point( &grp, NULL,
- (const unsigned char **) &buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_point( &grp, &P, &null_buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_point( &grp, &P, NULL,
- sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_point( NULL, &P,
- valid_fmt,
- &olen,
- buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_point( &grp, NULL,
- valid_fmt,
- &olen,
- buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ TEST_EQUAL( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_tls_write_point( &grp, &P,
invalid_fmt,
&olen,
buf,
sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_point( &grp, &P,
- valid_fmt,
- NULL,
- buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_point( &grp, &P,
- valid_fmt,
- &olen,
- NULL,
- sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_group_load( NULL, valid_group ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group( NULL,
- (const unsigned char **) &buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group( &grp, NULL,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group( &grp, &null_buf,
- sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group_id( NULL,
- (const unsigned char **) &buf,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group_id( &valid_group, NULL,
- sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_read_group_id( &valid_group,
- &null_buf,
- sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_group( NULL, &olen,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_group( &grp, NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_tls_write_group( &grp, &olen,
- NULL, sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul( NULL, &P, &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul( &grp, NULL, &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul( &grp, &P, NULL, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul( &grp, &P, &m, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul_restartable( NULL, &P, &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL , NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul_restartable( &grp, NULL, &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL , NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul_restartable( &grp, &P, NULL, &P,
- mbedtls_test_rnd_std_rand,
- NULL , NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_mul_restartable( &grp, &P, &m, NULL,
- mbedtls_test_rnd_std_rand,
- NULL , NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( NULL, &P, &m, &P,
- &m, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( &grp, NULL, &m, &P,
- &m, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( &grp, &P, NULL, &P,
- &m, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( &grp, &P, &m, NULL,
- &m, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( &grp, &P, &m, &P,
- NULL, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd( &grp, &P, &m, &P,
- &m, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( NULL, &P, &m, &P,
- &m, &P, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( &grp, NULL, &m, &P,
- &m, &P, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( &grp, &P, NULL, &P,
- &m, &P, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( &grp, &P, &m, NULL,
- &m, &P, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( &grp, &P, &m, &P,
- NULL, &P, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_muladd_restartable( &grp, &P, &m, &P,
- &m, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_pubkey( NULL, &P ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_pubkey( &grp, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_pub_priv( NULL, &kp ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_pub_priv( &kp, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_privkey( NULL, &m ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_check_privkey( &grp, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( NULL, &P, &m, &P,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( &grp, NULL, &m, &P,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( &grp, &P, NULL, &P,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( &grp, &P, &m, NULL,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( &grp, &P, &m, &P, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair( NULL,
- &m, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair( &grp,
- NULL, &P,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair( &grp,
- &m, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair( &grp,
- &m, &P,
- NULL,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_key( valid_group, NULL,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_key( valid_group, &kp,
- NULL, NULL ) );
exit:
return;
@@ -385,6 +65,8 @@
TEST_ASSERT( by_id == by_name );
TEST_ASSERT( by_id->bit_size == size );
+ TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BITS );
+ TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BYTES * 8 );
}
/* END_CASE */
@@ -793,6 +475,7 @@
TEST_EQUAL( 0, mbedtls_ecp_point_write_binary(
&grp, &R, MBEDTLS_ECP_PF_UNCOMPRESSED,
&len, actual_result, sizeof( actual_result ) ) );
+ TEST_ASSERT( len <= MBEDTLS_ECP_MAX_PT_LEN );
ASSERT_COMPARE( expected_result->x, expected_result->len,
actual_result, len );
@@ -864,6 +547,7 @@
if( ret == 0 )
{
+ TEST_ASSERT( olen <= MBEDTLS_ECP_MAX_PT_LEN );
TEST_ASSERT( mbedtls_test_hexcmp( buf, out->x, olen, out->len ) == 0 );
}
@@ -1237,6 +921,55 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED */
+void genkey_mx_known_answer( int bits, data_t *seed, data_t *expected )
+{
+ mbedtls_test_rnd_buf_info rnd_info;
+ mbedtls_mpi d;
+ int ret;
+ uint8_t *actual = NULL;
+
+ mbedtls_mpi_init( &d );
+ rnd_info.buf = seed->x;
+ rnd_info.length = seed->len;
+ rnd_info.fallback_f_rng = NULL;
+ rnd_info.fallback_p_rng = NULL;
+
+ ASSERT_ALLOC( actual, expected->len );
+
+ ret = mbedtls_ecp_gen_privkey_mx( bits, &d,
+ mbedtls_test_rnd_buffer_rand, &rnd_info );
+
+ if( expected->len == 0 )
+ {
+ /* Expecting an error (happens if there isn't enough randomness) */
+ TEST_ASSERT( ret != 0 );
+ }
+ else
+ {
+ TEST_EQUAL( ret, 0 );
+ TEST_EQUAL( (size_t) bits + 1, mbedtls_mpi_bitlen( &d ) );
+ TEST_EQUAL( 0, mbedtls_mpi_write_binary( &d, actual, expected->len ) );
+ /* Test the exact result. This assumes that the output of the
+ * RNG is used in a specific way, which is overly constraining.
+ * The advantage is that it's easier to test the expected properties
+ * of the generated key:
+ * - The most significant bit must be at a specific positions
+ * (can be enforced by checking the bit-length).
+ * - The least significant bits must have specific values
+ * (can be enforced by checking these bits).
+ * - Other bits must be random (by testing with different RNG outputs,
+ * we validate that those bits are indeed influenced by the RNG). */
+ ASSERT_COMPARE( expected->x, expected->len,
+ actual, expected->len );
+ }
+
+exit:
+ mbedtls_free( actual );
+ mbedtls_mpi_free( &d );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void ecp_selftest( )
{
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index 9733eb2..a6b0a4c 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -181,178 +181,26 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:NOT_DEFINED */
void gcm_invalid_param( )
{
mbedtls_gcm_context ctx;
unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES;
- int valid_mode = MBEDTLS_GCM_ENCRYPT;
- int valid_len = sizeof(valid_buffer);
- int valid_bitlen = 128, invalid_bitlen = 1;
- size_t olen;
+ int invalid_bitlen = 1;
mbedtls_gcm_init( &ctx );
- /* mbedtls_gcm_init() */
- TEST_INVALID_PARAM( mbedtls_gcm_init( NULL ) );
-
/* mbedtls_gcm_setkey */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) );
- TEST_INVALID_PARAM_RET(
+ TEST_EQUAL(
MBEDTLS_ERR_GCM_BAD_INPUT,
mbedtls_gcm_setkey( &ctx, valid_cipher, valid_buffer, invalid_bitlen ) );
- /* mbedtls_gcm_crypt_and_tag() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( NULL, valid_mode, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_len, valid_buffer ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_len, valid_buffer ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer,
- valid_len, valid_buffer ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer,
- valid_len, valid_buffer ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL,
- valid_len, valid_buffer ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer,
- valid_len, NULL ) );
-
- /* mbedtls_gcm_auth_decrypt() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( &ctx, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_buffer) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_len,
- valid_buffer, valid_buffer) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- NULL, valid_buffer) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_auth_decrypt( &ctx, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, valid_len,
- valid_buffer, NULL) );
-
- /* mbedtls_gcm_starts() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_starts( NULL, valid_mode,
- valid_buffer, valid_len ) );
-
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_starts( &ctx, valid_mode,
- NULL, valid_len ) );
-
- /* mbedtls_gcm_update_ad() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_update_ad( &ctx,
- NULL, valid_len ) );
-
- /* mbedtls_gcm_update() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_update( NULL, valid_buffer, valid_len,
- valid_buffer, valid_len, &olen ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_update( &ctx, NULL, valid_len,
- valid_buffer, valid_len, &olen ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_update( &ctx, valid_buffer, valid_len,
- NULL, valid_len, &olen ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_update( &ctx, valid_buffer, valid_len,
- valid_buffer, valid_len, NULL ) );
-
- /* mbedtls_gcm_finish() */
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_finish( NULL, NULL, 0, valid_buffer, valid_len ) );
- TEST_INVALID_PARAM_RET(
- MBEDTLS_ERR_GCM_BAD_INPUT,
- mbedtls_gcm_finish( &ctx, NULL, 0, NULL, valid_len ) );
-
exit:
mbedtls_gcm_free( &ctx );
}
/* END_CASE */
-/* BEGIN_CASE */
-void gcm_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_gcm_free( NULL ) );
-exit:
- return;
-}
-/* END_CASE */
-
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void gcm_selftest( )
{
diff --git a/tests/suites/test_suite_gcm.misc.data b/tests/suites/test_suite_gcm.misc.data
index cf01526..f22b7a3 100644
--- a/tests/suites/test_suite_gcm.misc.data
+++ b/tests/suites/test_suite_gcm.misc.data
@@ -1,5 +1,2 @@
GCM - Invalid parameters
gcm_invalid_param:
-
-GCM - Valid parameters
-gcm_valid_param:
diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function
index aa35c58..1ee7229 100644
--- a/tests/suites/test_suite_mdx.function
+++ b/tests/suites/test_suite_mdx.function
@@ -17,7 +17,7 @@
strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
- ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output );
+ ret = mbedtls_md2( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 ) ;
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
@@ -37,7 +37,7 @@
strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
- ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output );
+ ret = mbedtls_md4( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
@@ -57,7 +57,7 @@
strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
- ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output );
+ ret = mbedtls_md5( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
@@ -77,7 +77,7 @@
strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 );
- ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output );
+ ret = mbedtls_ripemd160( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x,
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index 59fd782..553b8eb 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -1,9 +1,3 @@
-MPI - Valid parameters
-mpi_valid_param:
-
-MPI - Invalid parameters
-mpi_invalid_param:
-
Arguments with no value
mpi_null:
@@ -992,46 +986,246 @@
mbedtls_mpi_set_bit:16:"00":5:2:16:"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Fill random: 0 bytes
-mpi_fill_random:0:0:0
+mpi_fill_random:0:0:0:0
Fill random: 1 byte, good
-mpi_fill_random:1:1:0
+mpi_fill_random:1:1:0:0
Fill random: 2 bytes, good, no leading zero
-mpi_fill_random:2:2:0
+mpi_fill_random:2:2:0:0
Fill random: 2 bytes, good, 1 leading zero
-mpi_fill_random:2:256:0
+mpi_fill_random:2:256:0:0
Fill random: MAX_SIZE - 7, good
-mpi_fill_random:MBEDTLS_MPI_MAX_SIZE - 7:MBEDTLS_MPI_MAX_SIZE - 7:0
+mpi_fill_random:MBEDTLS_MPI_MAX_SIZE - 7:MBEDTLS_MPI_MAX_SIZE - 7:0:0
Fill random: MAX_SIZE, good
-mpi_fill_random:MBEDTLS_MPI_MAX_SIZE:MBEDTLS_MPI_MAX_SIZE:0
+mpi_fill_random:MBEDTLS_MPI_MAX_SIZE:MBEDTLS_MPI_MAX_SIZE:0:0
+
+Fill random: 0 bytes, previously small >0
+mpi_fill_random:0:0:1:0
+
+Fill random: 0 bytes, previously small <0
+mpi_fill_random:0:0:-1:0
+
+Fill random: 0 bytes, previously large >0
+mpi_fill_random:0:0:65:0
+
+Fill random: 0 bytes, previously large <0
+mpi_fill_random:0:0:-65:0
+
+Fill random: 1 byte, previously small >0
+mpi_fill_random:1:1:1:0
+
+Fill random: 1 byte, previously small <0
+mpi_fill_random:1:1:-1:0
+
+Fill random: 1 byte, previously large >0
+mpi_fill_random:1:1:65:0
+
+Fill random: 1 byte, previously large <0
+mpi_fill_random:1:1:-65:0
+
+Fill random: 9 bytes, previously small >0
+mpi_fill_random:1:1:1:0
+
+Fill random: 9 bytes, previously small <0
+mpi_fill_random:1:1:-1:0
Fill random: 1 byte, RNG failure
-mpi_fill_random:1:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+mpi_fill_random:1:0:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 2 bytes, RNG failure after 1 byte
-mpi_fill_random:2:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+mpi_fill_random:2:1:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 4 bytes, RNG failure after 3 bytes
-mpi_fill_random:4:3:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+mpi_fill_random:4:3:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 8 bytes, RNG failure after 7 bytes
-mpi_fill_random:8:7:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+mpi_fill_random:8:7:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 16 bytes, RNG failure after 1 bytes
-mpi_fill_random:16:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+mpi_fill_random:16:1:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 16 bytes, RNG failure after 8 bytes
-mpi_fill_random:16:8:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+mpi_fill_random:16:8:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 16 bytes, RNG failure after 15 bytes
-mpi_fill_random:16:15:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+mpi_fill_random:16:15:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: MAX_SIZE bytes, RNG failure after MAX_SIZE-1 bytes
-mpi_fill_random:MBEDTLS_MPI_MAX_SIZE:MBEDTLS_MPI_MAX_SIZE-1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+mpi_fill_random:MBEDTLS_MPI_MAX_SIZE:MBEDTLS_MPI_MAX_SIZE-1:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+
+MPI random in range: 1..2
+mpi_random_many:1:"02":1000
+
+MPI random in range: 1..3
+mpi_random_many:1:"03":1000
+
+MPI random in range: 1..4
+mpi_random_many:1:"04":1000
+
+MPI random in range: 1..5
+mpi_random_many:1:"05":1000
+
+MPI random in range: 1..6
+mpi_random_many:1:"06":1000
+
+MPI random in range: 1..7
+mpi_random_many:1:"07":1000
+
+MPI random in range: 1..8
+mpi_random_many:1:"08":1000
+
+MPI random in range: 1..9
+mpi_random_many:1:"09":1000
+
+MPI random in range: 1..10
+mpi_random_many:1:"0a":1000
+
+MPI random in range: 1..11
+mpi_random_many:1:"0b":1000
+
+MPI random in range: 1..12
+mpi_random_many:1:"0c":1000
+
+MPI random in range: 1..255
+mpi_random_many:1:"ff":100
+
+MPI random in range: 1..256
+mpi_random_many:1:"0100":100
+
+MPI random in range: 1..257
+mpi_random_many:1:"0101":100
+
+MPI random in range: 1..272
+mpi_random_many:1:"0110":100
+
+MPI random in range: 1..2^64-1
+mpi_random_many:1:"ffffffffffffffff":100
+
+MPI random in range: 1..2^64
+mpi_random_many:1:"010000000000000000":100
+
+MPI random in range: 1..2^64+1
+mpi_random_many:1:"010000000000000001":100
+
+MPI random in range: 1..2^64+2^63
+mpi_random_many:1:"018000000000000000":100
+
+MPI random in range: 1..2^65-1
+mpi_random_many:1:"01ffffffffffffffff":100
+
+MPI random in range: 1..2^65
+mpi_random_many:1:"020000000000000000":100
+
+MPI random in range: 1..2^65+1
+mpi_random_many:1:"020000000000000001":100
+
+MPI random in range: 1..2^65+2^64
+mpi_random_many:1:"030000000000000000":100
+
+MPI random in range: 1..2^66+2^65
+mpi_random_many:1:"060000000000000000":100
+
+MPI random in range: 1..2^71-1
+mpi_random_many:1:"7fffffffffffffffff":100
+
+MPI random in range: 1..2^71
+mpi_random_many:1:"800000000000000000":100
+
+MPI random in range: 1..2^71+1
+mpi_random_many:1:"800000000000000001":100
+
+MPI random in range: 1..2^71+2^70
+mpi_random_many:1:"c00000000000000000":100
+
+MPI random in range: 1..2^72-1
+mpi_random_many:1:"ffffffffffffffffff":100
+
+MPI random in range: 1..2^72
+mpi_random_many:1:"01000000000000000000":100
+
+MPI random in range: 1..2^72+1
+mpi_random_many:1:"01000000000000000001":100
+
+MPI random in range: 1..2^72+2^71
+mpi_random_many:1:"01800000000000000000":100
+
+MPI random in range: 0..1
+mpi_random_many:0:"04":10000
+
+MPI random in range: 0..4
+mpi_random_many:0:"04":10000
+
+MPI random in range: 2..4
+mpi_random_many:2:"04":10000
+
+MPI random in range: 3..4
+mpi_random_many:3:"04":10000
+
+MPI random in range: smaller result
+mpi_random_sizes:1:"aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbb":1:0
+
+MPI random in range: same size result (32-bit limbs)
+mpi_random_sizes:1:"aaaaaaaaaaaaaaaa":2:0
+
+MPI random in range: same size result (64-bit limbs)
+mpi_random_sizes:1:"aaaaaaaaaaaaaaaa":1:0
+
+MPI random in range: larger result
+mpi_random_sizes:1:"aaaaaaaaaaaaaaaa":3:0
+
+## The "0 limb in upper bound" tests rely on the fact that
+## mbedtls_mpi_read_binary() bases the size of the MPI on the size of
+## the input, without first checking for leading zeros. If this was
+## not the case, the tests would still pass, but would not exercise
+## the advertised behavior.
+MPI random in range: leading 0 limb in upper bound #0
+mpi_random_sizes:1:"00aaaaaaaaaaaaaaaa":0:0
+
+MPI random in range: leading 0 limb in upper bound #1
+mpi_random_sizes:1:"00aaaaaaaaaaaaaaaa":1:0
+
+MPI random in range: leading 0 limb in upper bound #2
+mpi_random_sizes:1:"00aaaaaaaaaaaaaaaa":2:0
+
+MPI random in range: leading 0 limb in upper bound #3
+mpi_random_sizes:1:"00aaaaaaaaaaaaaaaa":3:0
+
+MPI random in range: leading 0 limb in upper bound #4
+mpi_random_sizes:1:"00aaaaaaaaaaaaaaaa":4:0
+
+MPI random in range: previously small >0
+mpi_random_sizes:1:"1234567890":4:1
+
+MPI random in range: previously small <0
+mpi_random_sizes:1:"1234567890":4:-1
+
+MPI random in range: previously large >0
+mpi_random_sizes:1:"1234":4:65
+
+MPI random in range: previously large <0
+mpi_random_sizes:1:"1234":4:-65
+
+MPI random bad arguments: min < 0
+mpi_random_fail:-1:"04":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+MPI random bad arguments: min = N = 0
+mpi_random_fail:0:"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+MPI random bad arguments: min = N = 1
+mpi_random_fail:1:"01":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+MPI random bad arguments: min > N = 0
+mpi_random_fail:1:"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+MPI random bad arguments: min > N = 1
+mpi_random_fail:2:"01":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+MPI random bad arguments: min > N = 1, 0 limb in upper bound
+mpi_random_fail:2:"000000000000000001":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
MPI Selftest
depends_on:MBEDTLS_SELF_TEST
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index c5bb5a6..eb918b3 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -64,6 +64,50 @@
return( 0 );
}
+/* Test whether bytes represents (in big-endian base 256) a number b that
+ * is significantly above a power of 2. That is, b must not have a long run
+ * of unset bits after the most significant bit.
+ *
+ * Let n be the bit-size of b, i.e. the integer such that 2^n <= b < 2^{n+1}.
+ * This function returns 1 if, when drawing a number between 0 and b,
+ * the probability that this number is at least 2^n is not negligible.
+ * This probability is (b - 2^n) / b and this function checks that this
+ * number is above some threshold A. The threshold value is heuristic and
+ * based on the needs of mpi_random_many().
+ */
+static int is_significantly_above_a_power_of_2( data_t *bytes )
+{
+ const uint8_t *p = bytes->x;
+ size_t len = bytes->len;
+ unsigned x;
+
+ /* Skip leading null bytes */
+ while( len > 0 && p[0] == 0 )
+ {
+ ++p;
+ --len;
+ }
+ /* 0 is not significantly above a power of 2 */
+ if( len == 0 )
+ return( 0 );
+ /* Extract the (up to) 2 most significant bytes */
+ if( len == 1 )
+ x = p[0];
+ else
+ x = ( p[0] << 8 ) | p[1];
+
+ /* Shift the most significant bit of x to position 8 and mask it out */
+ while( ( x & 0xfe00 ) != 0 )
+ x >>= 1;
+ x &= 0x00ff;
+
+ /* At this point, x = floor((b - 2^n) / 2^(n-8)). b is significantly above
+ * a power of 2 iff x is significantly above 0 compared to 2^8.
+ * Testing x >= 2^4 amounts to picking A = 1/16 in the function
+ * description above. */
+ return( x >= 0x10 );
+}
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -72,221 +116,6 @@
*/
/* BEGIN_CASE */
-void mpi_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_mpi_free( NULL ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void mpi_invalid_param( )
-{
- mbedtls_mpi X;
- const char *s_in = "00101000101010";
- char s_out[16] = { 0 };
- unsigned char u_out[16] = { 0 };
- unsigned char u_in[16] = { 0 };
- size_t olen;
- mbedtls_mpi_uint mpi_uint;
-
- TEST_INVALID_PARAM( mbedtls_mpi_init( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_grow( NULL, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_copy( NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_copy( &X, NULL ) );
-
- TEST_INVALID_PARAM( mbedtls_mpi_swap( NULL, &X ) );
- TEST_INVALID_PARAM( mbedtls_mpi_swap( &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_safe_cond_assign( NULL, &X, 0 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_safe_cond_assign( &X, NULL, 0 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_safe_cond_swap( NULL, &X, 0 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_safe_cond_swap( &X, NULL, 0 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_lset( NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_get_bit( NULL, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_set_bit( NULL, 42, 0 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_string( NULL, 2, s_in ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_string( &X, 2, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_string( NULL, 2,
- s_out, sizeof( s_out ),
- &olen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_string( &X, 2,
- NULL, sizeof( s_out ),
- &olen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_string( &X, 2,
- s_out, sizeof( s_out ),
- NULL ) );
-
-#if defined(MBEDTLS_FS_IO)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_file( NULL, 2, stdin ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_file( &X, 2, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_file( "", NULL, 2, NULL ) );
-#endif /* MBEDTLS_FS_IO */
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_binary( NULL, u_in,
- sizeof( u_in ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_read_binary( &X, NULL,
- sizeof( u_in ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_binary( NULL, u_out,
- sizeof( u_out ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_write_binary( &X, NULL,
- sizeof( u_out ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_shift_l( NULL, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_shift_r( NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_cmp_abs( NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_cmp_abs( &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_cmp_mpi( NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_cmp_mpi( &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_cmp_int( NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_abs( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_abs( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_abs( &X, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_abs( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_abs( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_abs( &X, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_mpi( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_mpi( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_mpi( &X, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_mpi( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_mpi( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_mpi( &X, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_int( NULL, &X, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_add_int( &X, NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_int( NULL, &X, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_sub_int( &X, NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mul_mpi( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mul_mpi( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mul_mpi( &X, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mul_int( NULL, &X, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mul_int( &X, NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_div_mpi( &X, &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_div_mpi( &X, &X, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_div_int( &X, &X, NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( 0, mbedtls_mpi_lsb( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mod_mpi( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mod_mpi( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mod_mpi( &X, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mod_int( NULL, &X, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_mod_int( &mpi_uint, NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_exp_mod( NULL, &X, &X, &X, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_exp_mod( &X, NULL, &X, &X, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_exp_mod( &X, &X, NULL, &X, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_exp_mod( &X, &X, &X, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_fill_random( NULL, 42,
- mbedtls_test_rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_fill_random( &X, 42, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_gcd( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_gcd( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_gcd( &X, &X, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_inv_mod( NULL, &X, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_inv_mod( &X, NULL, &X ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_inv_mod( &X, &X, NULL ) );
-
-exit:
- return;
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
void mpi_null( )
{
mbedtls_mpi X, Y, Z;
@@ -1366,13 +1195,23 @@
/* END_CASE */
/* BEGIN_CASE */
-void mpi_fill_random( int wanted_bytes, int rng_bytes, int expected_ret )
+void mpi_fill_random( int wanted_bytes, int rng_bytes,
+ int before, int expected_ret )
{
mbedtls_mpi X;
int ret;
size_t bytes_left = rng_bytes;
mbedtls_mpi_init( &X );
+ if( before != 0 )
+ {
+ /* Set X to sign(before) * 2^(|before|-1) */
+ TEST_ASSERT( mbedtls_mpi_lset( &X, before > 0 ? 1 : -1 ) == 0 );
+ if( before < 0 )
+ before = - before;
+ TEST_ASSERT( mbedtls_mpi_shift_l( &X, before - 1 ) == 0 );
+ }
+
ret = mbedtls_mpi_fill_random( &X, wanted_bytes,
f_rng_bytes_left, &bytes_left );
TEST_ASSERT( ret == expected_ret );
@@ -1396,6 +1235,168 @@
}
/* END_CASE */
+/* BEGIN_CASE */
+void mpi_random_many( int min, data_t *bound_bytes, int iterations )
+{
+ /* Generate numbers in the range 1..bound-1. Do it iterations times.
+ * This function assumes that the value of bound is at least 2 and
+ * that iterations is large enough that a one-in-2^iterations chance
+ * effectively never occurs.
+ */
+
+ mbedtls_mpi upper_bound;
+ size_t n_bits;
+ mbedtls_mpi result;
+ size_t b;
+ /* If upper_bound is small, stats[b] is the number of times the value b
+ * has been generated. Otherwise stats[b] is the number of times a
+ * value with bit b set has been generated. */
+ size_t *stats = NULL;
+ size_t stats_len;
+ int full_stats;
+ size_t i;
+
+ mbedtls_mpi_init( &upper_bound );
+ mbedtls_mpi_init( &result );
+
+ TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound,
+ bound_bytes->x, bound_bytes->len ) );
+ n_bits = mbedtls_mpi_bitlen( &upper_bound );
+ /* Consider a bound "small" if it's less than 2^5. This value is chosen
+ * to be small enough that the probability of missing one value is
+ * negligible given the number of iterations. It must be less than
+ * 256 because some of the code below assumes that "small" values
+ * fit in a byte. */
+ if( n_bits <= 5 )
+ {
+ full_stats = 1;
+ stats_len = bound_bytes->x[bound_bytes->len - 1];
+ }
+ else
+ {
+ full_stats = 0;
+ stats_len = n_bits;
+ }
+ ASSERT_ALLOC( stats, stats_len );
+
+ for( i = 0; i < (size_t) iterations; i++ )
+ {
+ mbedtls_test_set_step( i );
+ TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 );
+ if( full_stats )
+ {
+ uint8_t value;
+ TEST_EQUAL( 0, mbedtls_mpi_write_binary( &result, &value, 1 ) );
+ TEST_ASSERT( value < stats_len );
+ ++stats[value];
+ }
+ else
+ {
+ for( b = 0; b < n_bits; b++ )
+ stats[b] += mbedtls_mpi_get_bit( &result, b );
+ }
+ }
+
+ if( full_stats )
+ {
+ for( b = min; b < stats_len; b++ )
+ {
+ mbedtls_test_set_step( 1000000 + b );
+ /* Assert that each value has been reached at least once.
+ * This is almost guaranteed if the iteration count is large
+ * enough. This is a very crude way of checking the distribution.
+ */
+ TEST_ASSERT( stats[b] > 0 );
+ }
+ }
+ else
+ {
+ int statistically_safe_all_the_way =
+ is_significantly_above_a_power_of_2( bound_bytes );
+ for( b = 0; b < n_bits; b++ )
+ {
+ mbedtls_test_set_step( 1000000 + b );
+ /* Assert that each bit has been set in at least one result and
+ * clear in at least one result. Provided that iterations is not
+ * too small, it would be extremely unlikely for this not to be
+ * the case if the results are uniformly distributed.
+ *
+ * As an exception, the top bit may legitimately never be set
+ * if bound is a power of 2 or only slightly above.
+ */
+ if( statistically_safe_all_the_way || b != n_bits - 1 )
+ {
+ TEST_ASSERT( stats[b] > 0 );
+ }
+ TEST_ASSERT( stats[b] < (size_t) iterations );
+ }
+ }
+
+exit:
+ mbedtls_mpi_free( &upper_bound );
+ mbedtls_mpi_free( &result );
+ mbedtls_free( stats );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mpi_random_sizes( int min, data_t *bound_bytes, int nlimbs, int before )
+{
+ mbedtls_mpi upper_bound;
+ mbedtls_mpi result;
+
+ mbedtls_mpi_init( &upper_bound );
+ mbedtls_mpi_init( &result );
+
+ if( before != 0 )
+ {
+ /* Set result to sign(before) * 2^(|before|-1) */
+ TEST_ASSERT( mbedtls_mpi_lset( &result, before > 0 ? 1 : -1 ) == 0 );
+ if( before < 0 )
+ before = - before;
+ TEST_ASSERT( mbedtls_mpi_shift_l( &result, before - 1 ) == 0 );
+ }
+
+ TEST_EQUAL( 0, mbedtls_mpi_grow( &result, nlimbs ) );
+ TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound,
+ bound_bytes->x, bound_bytes->len ) );
+ TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound,
+ mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 );
+
+exit:
+ mbedtls_mpi_free( &upper_bound );
+ mbedtls_mpi_free( &result );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mpi_random_fail( int min, data_t *bound_bytes, int expected_ret )
+{
+ mbedtls_mpi upper_bound;
+ mbedtls_mpi result;
+ int actual_ret;
+
+ mbedtls_mpi_init( &upper_bound );
+ mbedtls_mpi_init( &result );
+
+ TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound,
+ bound_bytes->x, bound_bytes->len ) );
+ actual_ret = mbedtls_mpi_random( &result, min, &upper_bound,
+ mbedtls_test_rnd_std_rand, NULL );
+ TEST_EQUAL( expected_ret, actual_ret );
+
+exit:
+ mbedtls_mpi_free( &upper_bound );
+ mbedtls_mpi_free( &result );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void mpi_selftest( )
{
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 9ebdc7e..5eb145d 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -1,6 +1,3 @@
-PK invalid parameters
-invalid_parameters:
-
PK valid parameters
valid_parameters:
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index ddef836..573c9d4 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -211,12 +211,6 @@
mbedtls_pk_init( &pk );
- TEST_VALID_PARAM( mbedtls_pk_free( NULL ) );
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_VALID_PARAM( mbedtls_pk_restart_free( NULL ) );
-#endif
-
TEST_ASSERT( mbedtls_pk_setup( &pk, NULL ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -323,275 +317,6 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void invalid_parameters( )
-{
- size_t len;
- unsigned char *null_buf = NULL;
- unsigned char buf[1];
- unsigned char *p = buf;
- char str[1] = {0};
- mbedtls_pk_context pk;
- mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
- void *options = buf;
-
- (void) null_buf;
- (void) p;
- (void) str;
-
- mbedtls_pk_init( &pk );
-
- TEST_INVALID_PARAM( mbedtls_pk_init( NULL ) );
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- TEST_INVALID_PARAM( mbedtls_pk_restart_init( NULL ) );
-#endif
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_setup( NULL, NULL ) );
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_setup_rsa_alt( NULL, buf,
- NULL, NULL, NULL ) );
-#endif
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_restartable( NULL,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- buf, sizeof( buf ),
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_restartable( &pk,
- MBEDTLS_MD_NONE,
- NULL, sizeof( buf ),
- buf, sizeof( buf ),
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_restartable( &pk,
- valid_md,
- NULL, 0,
- buf, sizeof( buf ),
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_restartable( &pk,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- NULL, sizeof( buf ),
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify( NULL,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify( &pk,
- MBEDTLS_MD_NONE,
- NULL, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify( &pk,
- valid_md,
- NULL, 0,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify( &pk,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- NULL, sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
- NULL,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
- &pk,
- MBEDTLS_MD_NONE,
- NULL, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
- &pk,
- valid_md,
- NULL, 0,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options,
- &pk,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- NULL, sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign_restartable( NULL, MBEDTLS_MD_NONE, buf, sizeof( buf ),
- buf, &len, mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ),
- buf, &len, mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign_restartable( &pk, valid_md, NULL, 0, buf, &len,
- mbedtls_test_rnd_std_rand, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ),
- NULL, &len, mbedtls_test_rnd_std_rand,
- NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign( NULL, MBEDTLS_MD_NONE, buf, sizeof( buf ),
- buf, &len, mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ),
- buf, &len, mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign( &pk, valid_md, NULL, 0, buf, &len,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ), NULL, &len,
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_decrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_decrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_encrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_encrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ),
- mbedtls_test_rnd_std_rand, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_check_pair( NULL, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_check_pair( &pk, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_debug( NULL, NULL ) );
-
-#if defined(MBEDTLS_PK_PARSE_C)
-#if defined(MBEDTLS_FS_IO)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_load_file( NULL, &p, &len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_load_file( str, NULL, &len ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_load_file( str, &p, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_keyfile( NULL, str, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_keyfile( &pk, NULL, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_public_keyfile( NULL, str ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_public_keyfile( &pk, NULL ) );
-#endif
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_subpubkey( NULL, buf, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_subpubkey( &null_buf, buf, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_subpubkey( &p, NULL, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_subpubkey( &p, buf, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_key( NULL,
- buf, sizeof( buf ),
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_key( &pk,
- NULL, sizeof( buf ),
- buf, sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_public_key( NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_parse_public_key( &pk,
- NULL, sizeof( buf ) ) );
-#endif /* MBEDTLS_PK_PARSE_C */
-
-#if defined(MBEDTLS_PK_WRITE_C)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey( NULL, p, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey( &null_buf, p, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey( &p, NULL, &pk ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey( &p, p, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey_der( NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey_der( &pk,
- NULL, sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_key_der( NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_key_der( &pk,
- NULL, sizeof( buf ) ) );
-
-#if defined(MBEDTLS_PEM_WRITE_C)
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey_pem( NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_pubkey_pem( &pk,
- NULL, sizeof( buf ) ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_key_pem( NULL,
- buf, sizeof( buf ) ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_write_key_pem( &pk,
- NULL, sizeof( buf ) ) );
-#endif /* MBEDTLS_PEM_WRITE_C */
-
-#endif /* MBEDTLS_PK_WRITE_C */
-}
-/* END_CASE */
-
/* BEGIN_CASE */
void pk_utils( int type, int parameter, int bitlen, int len, char * name )
{
@@ -1138,7 +863,7 @@
size_t sig_len, ciph_len, test_len;
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
- mbedtls_rsa_init( &raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
+ mbedtls_rsa_init( &raw );
mbedtls_pk_init( &rsa ); mbedtls_pk_init( &alt );
memset( hash, 0x2a, sizeof hash );
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index d1c0fc1..d78ee88 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -19,11 +19,15 @@
mbedtls_test_rnd_buf_info info;
mbedtls_mpi N, E;
+ info.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ info.fallback_p_rng = NULL;
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
@@ -69,7 +73,9 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
@@ -191,7 +197,7 @@
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi );
mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &ctx );
TEST_ASSERT( mbedtls_mpi_read_binary( &Nmpi, N, sizeof( N ) ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_binary( &Empi, E, sizeof( E ) ) == 0 );
@@ -268,12 +274,16 @@
mbedtls_mpi N, P, Q, E;
mbedtls_test_rnd_buf_info info;
+ info.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ info.fallback_p_rng = NULL;
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
memset( output, 0x00, sizeof( output ) );
@@ -321,7 +331,9 @@
((void) salt);
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V15, hash ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index 8f22f20..ec5591f 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -18,11 +18,15 @@
mbedtls_test_rnd_buf_info info;
mbedtls_mpi N, E;
+ info.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ info.fallback_p_rng = NULL;
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21, hash ) == 0 );
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
@@ -65,7 +69,9 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21, hash ) == 0 );
memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
@@ -122,12 +128,16 @@
mbedtls_test_rnd_buf_info info;
mbedtls_mpi N, P, Q, E;
+ info.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ info.fallback_p_rng = NULL;
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21, hash ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
memset( output, 0x00, sizeof( output ) );
@@ -185,7 +195,9 @@
((void) salt);
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21, hash ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
@@ -221,7 +233,9 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21, ctx_hash ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 );
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 6a0b9b5..1f73aac 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -989,7 +989,7 @@
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0
Parse EC Key #1 (SEC1 DER)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0
Parse EC Key #2 (SEC1 PEM)
@@ -1005,15 +1005,15 @@
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0
Parse EC Key #4a (PKCS8 DER, no public key)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
Parse EC Key #4b (PKCS8 DER, no public key, with parameters)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
Parse EC Key #4c (PKCS8 DER, with parameters)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0
Parse EC Key #5 (PKCS8 PEM)
@@ -1069,7 +1069,7 @@
pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0
Parse EC Key #15 (SEC1 DER, secp256k1, SpecifiedECDomain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
Key ASN1 (No data)
diff --git a/tests/suites/test_suite_poly1305.data b/tests/suites/test_suite_poly1305.data
index 13912e9..eb9712c 100644
--- a/tests/suites/test_suite_poly1305.data
+++ b/tests/suites/test_suite_poly1305.data
@@ -34,9 +34,6 @@
Poly1305 RFC 7539 Test Vector #11
mbedtls_poly1305:"0100000000000000040000000000000000000000000000000000000000000000":"13000000000000000000000000000000":"e33594d7505e43b900000000000000003394d7505e4379cd010000000000000000000000000000000000000000000000"
-Poly1305 Parameter validation
-poly1305_bad_params:
-
Poly1305 Selftest
depends_on:MBEDTLS_SELF_TEST
poly1305_selftest:
diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function
index 4b8995b..59e9277 100644
--- a/tests/suites/test_suite_poly1305.function
+++ b/tests/suites/test_suite_poly1305.function
@@ -79,45 +79,6 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void poly1305_bad_params()
-{
- unsigned char src[1];
- unsigned char key[32];
- unsigned char mac[16];
- size_t src_len = sizeof( src );
- mbedtls_poly1305_context ctx;
-
- TEST_INVALID_PARAM( mbedtls_poly1305_init( NULL ) );
- TEST_VALID_PARAM( mbedtls_poly1305_free( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_starts( NULL, key ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_starts( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_update( NULL, src, 0 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_update( &ctx, NULL, src_len ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_finish( NULL, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_finish( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_mac( NULL, src, 0, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_mac( key, NULL, src_len, mac ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
- mbedtls_poly1305_mac( key, src, 0, NULL ) );
-
-exit:
- return;
-}
-/* END_CASE */
-
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void poly1305_selftest()
{
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index adfc4a1..b58c486 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -3485,7 +3485,7 @@
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0
PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256)
-depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_GENPRIME:MBEDTLS_MD_C
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0
PSA generate key: RSA, 0 bits: invalid
diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index 4e2f4d5..22056b0 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -294,6 +294,9 @@
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384
key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_384 ) ):ALG_IS_ECDH:PSA_ALG_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_384 )
+PAKE: J-PAKE
+pake_algorithm:PSA_ALG_JPAKE
+
Key type: raw data
key_type:PSA_KEY_TYPE_RAW_DATA:KEY_TYPE_IS_UNSTRUCTURED
diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function
index 8134f44..3ed08a6 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.function
+++ b/tests/suites/test_suite_psa_crypto_metadata.function
@@ -156,6 +156,7 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
/* Length */
@@ -181,6 +182,7 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
/* Tag length */
@@ -220,6 +222,7 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, 0 );
/* Dependent algorithms */
@@ -362,6 +365,7 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
}
/* END_CASE */
@@ -462,6 +466,7 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
}
/* END_CASE */
@@ -491,6 +496,7 @@
TEST_ASSERT( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
}
/* END_CASE */
@@ -511,6 +517,7 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
/* Check combinations with key agreements */
@@ -540,6 +547,7 @@
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
/* Shared secret derivation properties */
@@ -549,6 +557,24 @@
/* END_CASE */
/* BEGIN_CASE */
+void pake_algorithm( int alg_arg )
+{
+ psa_algorithm_t alg = alg_arg;
+
+ /* Algorithm classification */
+ TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
+ TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
+ TEST_ASSERT( PSA_ALG_IS_PAKE( alg ) );
+}
+
+/* END_CASE */
+/* BEGIN_CASE */
void key_type( int type_arg, int classification_flags )
{
psa_key_type_t type = type_arg;
diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function
index 76cfe57..34d63a7 100644
--- a/tests/suites/test_suite_psa_crypto_storage_format.function
+++ b/tests/suites/test_suite_psa_crypto_storage_format.function
@@ -7,6 +7,8 @@
#include <psa_crypto_its.h>
+#define TEST_FLAG_EXERCISE 0x00000001
+
/** Write a key with the given attributes and key material to storage.
* Test that it has the expected representation.
*
@@ -67,7 +69,7 @@
const data_t *expected_material,
psa_storage_uid_t uid,
const data_t *representation,
- int exercise )
+ int flags )
{
psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = psa_get_key_id( expected_attributes );
@@ -105,7 +107,7 @@
exported_material, length );
}
- if( exercise )
+ if( flags & TEST_FLAG_EXERCISE )
{
TEST_ASSERT( mbedtls_test_psa_exercise_key(
key_id,
@@ -183,7 +185,7 @@
void key_storage_read( int lifetime_arg, int type_arg, int bits_arg,
int usage_arg, int alg_arg, int alg2_arg,
data_t *material,
- data_t *representation, int exercise )
+ data_t *representation, int flags )
{
/* Backward compatibility: read a key in the format of a past version
* and check that this version can use it. */
@@ -213,7 +215,7 @@
* guarantees backward compatibility with keys that were stored by
* past versions of Mbed TLS. */
TEST_ASSERT( test_read_key( &attributes, material,
- uid, representation, exercise ) );
+ uid, representation, flags ) );
exit:
psa_reset_key_attributes( &attributes );
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index efea5c1..14b4afc 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -17,349 +17,41 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE */
void rsa_invalid_param( )
{
mbedtls_rsa_context ctx;
- const int valid_padding = MBEDTLS_RSA_PKCS_V21;
const int invalid_padding = 42;
- unsigned char buf[42] = { 0 };
- size_t olen;
+ const int invalid_hash_id = 0xff;
- TEST_INVALID_PARAM( mbedtls_rsa_init( NULL, valid_padding, 0 ) );
- TEST_INVALID_PARAM( mbedtls_rsa_init( &ctx, invalid_padding, 0 ) );
- TEST_VALID_PARAM( mbedtls_rsa_free( NULL ) );
+ mbedtls_rsa_init( &ctx );
- /* No more variants because only the first argument must be non-NULL. */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_import( NULL, NULL, NULL,
- NULL, NULL, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_import_raw( NULL,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0 ) );
+ TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
+ invalid_padding,
+ MBEDTLS_MD_NONE ),
+ MBEDTLS_ERR_RSA_INVALID_PADDING );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_complete( NULL ) );
+ TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21,
+ invalid_hash_id ),
+ MBEDTLS_ERR_RSA_INVALID_PADDING );
- /* No more variants because only the first argument must be non-NULL. */
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_export( NULL, NULL, NULL,
- NULL, NULL, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_export_raw( NULL,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0,
- NULL, 0 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_export_crt( NULL, NULL, NULL, NULL ) );
+#if !defined(MBEDTLS_PKCS1_V15)
+ TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V15,
+ MBEDTLS_MD_NONE ),
+ MBEDTLS_ERR_RSA_INVALID_PADDING );
+#endif
- TEST_INVALID_PARAM( mbedtls_rsa_set_padding( NULL,
- valid_padding, 0 ) );
- TEST_INVALID_PARAM( mbedtls_rsa_set_padding( &ctx,
- invalid_padding, 0 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_gen_key( NULL,
- mbedtls_test_rnd_std_rand,
- NULL, 0, 0 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_gen_key( &ctx, NULL,
- NULL, 0, 0 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_check_pubkey( NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_check_privkey( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_check_pub_priv( NULL, &ctx ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_check_pub_priv( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_public( NULL, buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_public( &ctx, NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_public( &ctx, buf, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_private( NULL, NULL, NULL,
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_private( &ctx, NULL, NULL,
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_private( &ctx, NULL, NULL,
- buf, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL,
- sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
- sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
- sizeof( buf ), buf,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL,
- NULL, sizeof( buf ),
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
- NULL, sizeof( buf ),
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
- NULL, sizeof( buf ),
- buf, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL,
- buf, sizeof( buf ),
- sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
- NULL, sizeof( buf ),
- sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
- buf, sizeof( buf ),
- sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL,
- buf, sizeof( buf ),
- sizeof( buf ), buf,
- NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_decrypt( NULL, NULL, NULL,
- &olen,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
- NULL,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
- &olen,
- NULL, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL,
- &olen,
- buf, NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt( NULL, NULL,
- NULL, &olen,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
- NULL, NULL,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
- NULL, &olen,
- NULL, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL,
- NULL, &olen,
- buf, NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL,
- buf, sizeof( buf ),
- &olen,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
- NULL, sizeof( buf ),
- NULL,
- buf, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
- buf, sizeof( buf ),
- &olen,
- NULL, buf, 42 ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
- buf, sizeof( buf ),
- &olen,
- buf, NULL, 42 ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- 0, sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- 0, sizeof( buf ), buf,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
- 0, sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
- 0, sizeof( buf ), buf,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
- 0, sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
- 0, sizeof( buf ), buf,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign_ext( NULL, NULL, NULL,
- 0, sizeof( buf ), buf,
- MBEDTLS_RSA_SALT_LEN_ANY,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL,
- 0, sizeof( buf ), NULL,
- MBEDTLS_RSA_SALT_LEN_ANY,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL,
- 0, sizeof( buf ), buf,
- MBEDTLS_RSA_SALT_LEN_ANY,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- MBEDTLS_RSA_SALT_LEN_ANY,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( NULL,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx,
- 0, sizeof( buf ), NULL,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx,
- 0, sizeof( buf ), buf,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_pkcs1_verify( &ctx,
- MBEDTLS_MD_SHA1, 0, NULL,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL,
- 0, sizeof( buf ), buf,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
- 0, sizeof( buf ),
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
- 0, sizeof( buf ), buf,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( NULL,
- 0, sizeof( buf ),
- buf, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( &ctx,
- 0, sizeof( buf ),
- NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( &ctx,
- 0, sizeof( buf ),
- buf, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify( &ctx,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( NULL,
- 0, sizeof( buf ),
- buf,
- 0, 0,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( &ctx,
- 0, sizeof( buf ),
- NULL, 0, 0,
- buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( &ctx,
- 0, sizeof( buf ),
- buf, 0, 0,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_rsassa_pss_verify_ext( &ctx,
- MBEDTLS_MD_SHA1,
- 0, NULL,
- 0, 0,
- buf ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_copy( NULL, &ctx ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_copy( &ctx, NULL ) );
+#if !defined(MBEDTLS_PKCS1_V21)
+ TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
+ MBEDTLS_RSA_PKCS_V21,
+ MBEDTLS_MD_NONE ),
+ MBEDTLS_ERR_RSA_INVALID_PADDING );
+#endif
exit:
- return;
+ mbedtls_rsa_free( &ctx );
}
/* END_CASE */
@@ -373,11 +65,11 @@
* unconditionally on an error path without checking whether it has
* already been called in the success path. */
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
mbedtls_rsa_free( &ctx );
if( reinit )
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
mbedtls_rsa_free( &ctx );
/* This test case always succeeds, functionally speaking. A plausible
@@ -401,7 +93,9 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
memset( output, 0x00, sizeof( output ) );
@@ -450,7 +144,9 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
@@ -484,7 +180,9 @@
mbedtls_mpi N, P, Q, E;
mbedtls_test_rnd_pseudo_info rnd_info;
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
@@ -531,7 +229,9 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
@@ -565,7 +265,9 @@
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
@@ -606,7 +308,9 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
@@ -651,7 +355,9 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, padding_mode, 0 );
+ mbedtls_rsa_init( &ctx );
+ TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode,
+ MBEDTLS_MD_NONE ) == 0 );
memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
@@ -699,8 +405,8 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
- mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &ctx );
+ mbedtls_rsa_init( &ctx2 );
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
@@ -757,8 +463,8 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
- mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &ctx );
+ mbedtls_rsa_init( &ctx2 );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
@@ -834,7 +540,7 @@
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &ctx );
if( strlen( input_N ) )
{
@@ -865,7 +571,7 @@
{
mbedtls_rsa_context ctx;
- mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &ctx );
ctx.len = mod / 8;
if( strlen( input_P ) )
@@ -926,8 +632,8 @@
{
mbedtls_rsa_context pub, prv;
- mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 );
- mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 );
+ mbedtls_rsa_init( &pub );
+ mbedtls_rsa_init( &prv );
pub.len = mod / 8;
prv.len = mod / 8;
@@ -998,7 +704,7 @@
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
- mbedtls_rsa_init ( &ctx, 0, 0 );
+ mbedtls_rsa_init ( &ctx );
TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
@@ -1150,7 +856,7 @@
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
mbedtls_mpi_init( &N );
mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
@@ -1291,7 +997,7 @@
mbedtls_rsa_context ctx;
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
mbedtls_mpi_init( &N );
mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
@@ -1471,7 +1177,7 @@
mbedtls_rsa_context ctx;
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
/* Setup RSA context */
TEST_ASSERT( mbedtls_rsa_import_raw( &ctx,
@@ -1573,7 +1279,7 @@
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
- mbedtls_rsa_init( &ctx, 0, 0 );
+ mbedtls_rsa_init( &ctx );
TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data
index 12eec84..3552346 100644
--- a/tests/suites/test_suite_shax.data
+++ b/tests/suites/test_suite_shax.data
@@ -1,9 +1,3 @@
-SHA-1 - Valid parameters
-sha1_valid_param:
-
-SHA-1 - Invalid parameters
-sha1_invalid_param:
-
# Test the operation of SHA-1 and SHA-2
SHA-1 Test Vector NIST CAVS #1
depends_on:MBEDTLS_SHA1_C
@@ -45,9 +39,6 @@
depends_on:MBEDTLS_SHA1_C
mbedtls_sha1:"8236153781bd2f1b81ffe0def1beb46f5a70191142926651503f1b3bb1016acdb9e7f7acced8dd168226f118ff664a01a8800116fd023587bfba52a2558393476f5fc69ce9c65001f23e70476d2cc81c97ea19caeb194e224339bcb23f77a83feac5096f9b3090c51a6ee6d204b735aa71d7e996d380b80822e4dfd43683af9c7442498cacbea64842dfda238cb099927c6efae07fdf7b23a4e4456e0152b24853fe0d5de4179974b2b9d4a1cdbefcbc01d8d311b5dda059136176ea698ab82acf20dd490be47130b1235cb48f8a6710473cfc923e222d94b582f9ae36d4ca2a32d141b8e8cc36638845fbc499bce17698c3fecae2572dbbd470552430d7ef30c238c2124478f1f780483839b4fb73d63a9460206824a5b6b65315b21e3c2f24c97ee7c0e78faad3df549c7ca8ef241876d9aafe9a309f6da352bec2caaa92ee8dca392899ba67dfed90aef33d41fc2494b765cb3e2422c8e595dabbfaca217757453fb322a13203f425f6073a9903e2dc5818ee1da737afc345f0057744e3a56e1681c949eb12273a3bfc20699e423b96e44bd1ff62e50a848a890809bfe1611c6787d3d741103308f849a790f9c015098286dbacfc34c1718b2c2b77e32194a75dda37954a320fa68764027852855a7e5b5274eb1e2cbcd27161d98b59ad245822015f48af82a45c0ed59be94f9af03d9736048570d6e3ef63b1770bc98dfb77de84b1bb1708d872b625d9ab9b06c18e5dbbf34399391f0f8aa26ec0dac7ff4cb8ec97b52bcb942fa6db2385dcd1b3b9d567aaeb425d567b0ebe267235651a1ed9bf78fd93d3c1dd077fe340bb04b00529c58f45124b717c168d07e9826e33376988bc5cf62845c2009980a4dfa69fbc7e5a0b1bb20a5958ca967aec68eb31dd8fccca9afcd30a26bab26279f1bf6724ff":"11863b483809ef88413ca9b0084ac4a5390640af"
-SHA-256 Valid parameters
-sha256_valid_param:
-
SHA-256 Invalid parameters
sha256_invalid_param:
@@ -110,9 +101,6 @@
SHA-512 Invalid parameters
sha512_invalid_param:
-SHA-512 Valid parameters
-sha512_valid_param:
-
SHA-384 Test Vector NIST CAVS #1
depends_on:MBEDTLS_SHA384_C
sha384:"":"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b"
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index 1d4cf71..95d45ba 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -5,53 +5,6 @@
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */
-void sha1_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_sha1_free( NULL ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
-void sha1_invalid_param( )
-{
- mbedtls_sha1_context ctx;
- unsigned char buf[64] = { 0 };
- size_t const buflen = sizeof( buf );
-
- TEST_INVALID_PARAM( mbedtls_sha1_init( NULL ) );
-
- TEST_INVALID_PARAM( mbedtls_sha1_clone( NULL, &ctx ) );
- TEST_INVALID_PARAM( mbedtls_sha1_clone( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_starts_ret( NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_update_ret( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_update_ret( &ctx, NULL, buflen ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_finish_ret( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_finish_ret( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_internal_sha1_process( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_internal_sha1_process( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_ret( NULL, buflen, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA,
- mbedtls_sha1_ret( buf, buflen, NULL ) );
-
-exit:
- return;
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */
void mbedtls_sha1( data_t * src_str, data_t * hash )
{
unsigned char output[41];
@@ -59,20 +12,13 @@
memset(output, 0x00, 41);
- TEST_ASSERT( mbedtls_sha1_ret( src_str->x, src_str->len, output ) == 0 );
+ TEST_ASSERT( mbedtls_sha1( src_str->x, src_str->len, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 20, hash->len ) == 0 );
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
-void sha256_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_sha256_free( NULL ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:NOT_DEFINED */
void sha256_invalid_param( )
{
mbedtls_sha256_context ctx;
@@ -81,39 +27,11 @@
int valid_type = 0;
int invalid_type = 42;
- TEST_INVALID_PARAM( mbedtls_sha256_init( NULL ) );
+ TEST_EQUAL( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256_starts( &ctx, invalid_type ) );
- TEST_INVALID_PARAM( mbedtls_sha256_clone( NULL, &ctx ) );
- TEST_INVALID_PARAM( mbedtls_sha256_clone( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_starts_ret( NULL, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_starts_ret( &ctx, invalid_type ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_update_ret( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_update_ret( &ctx, NULL, buflen ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_finish_ret( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_finish_ret( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_internal_sha256_process( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_internal_sha256_process( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_ret( NULL, buflen,
- buf, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_ret( buf, buflen,
- NULL, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
- mbedtls_sha256_ret( buf, buflen,
+ TEST_EQUAL( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA,
+ mbedtls_sha256( buf, buflen,
buf, invalid_type ) );
exit:
@@ -129,7 +47,7 @@
memset(output, 0x00, 57);
- TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_sha256( src_str->x, src_str->len, output, 1 ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 28, hash->len ) == 0 );
}
@@ -143,20 +61,13 @@
memset(output, 0x00, 65);
- TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 0 ) == 0 );
+ TEST_ASSERT( mbedtls_sha256( src_str->x, src_str->len, output, 0 ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 32, hash->len ) == 0 );
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */
-void sha512_valid_param( )
-{
- TEST_VALID_PARAM( mbedtls_sha512_free( NULL ) );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
+/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:NOT_DEFINED */
void sha512_invalid_param( )
{
mbedtls_sha512_context ctx;
@@ -165,39 +76,11 @@
int valid_type = 0;
int invalid_type = 42;
- TEST_INVALID_PARAM( mbedtls_sha512_init( NULL ) );
+ TEST_EQUAL( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512_starts( &ctx, invalid_type ) );
- TEST_INVALID_PARAM( mbedtls_sha512_clone( NULL, &ctx ) );
- TEST_INVALID_PARAM( mbedtls_sha512_clone( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_starts_ret( NULL, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_starts_ret( &ctx, invalid_type ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_update_ret( NULL, buf, buflen ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_update_ret( &ctx, NULL, buflen ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_finish_ret( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_finish_ret( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_internal_sha512_process( NULL, buf ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_internal_sha512_process( &ctx, NULL ) );
-
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_ret( NULL, buflen,
- buf, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_ret( buf, buflen,
- NULL, valid_type ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
- mbedtls_sha512_ret( buf, buflen,
+ TEST_EQUAL( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA,
+ mbedtls_sha512( buf, buflen,
buf, invalid_type ) );
exit:
@@ -213,7 +96,7 @@
memset(output, 0x00, 97);
- TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_sha512( src_str->x, src_str->len, output, 1 ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 48, hash->len ) == 0 );
}
@@ -227,7 +110,7 @@
memset(output, 0x00, 129);
- TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 0 ) == 0 );
+ TEST_ASSERT( mbedtls_sha512( src_str->x, src_str->len, output, 0 ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 64, hash->len ) == 0 );
}
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index ab00130..a497076 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -1,3 +1,15 @@
+Attempt to register multiple PSKs
+test_multiple_psks:
+
+Attempt to register multiple PSKS, incl. opaque PSK, #0
+test_multiple_psks_opaque:0
+
+Attempt to register multiple PSKs, incl. opaque PSK, #1
+test_multiple_psks_opaque:1
+
+Attempt to register multiple PSKs, incl. opaque PSK, #2
+test_multiple_psks_opaque:2
+
Test calback buffer sanity
test_callback_buffer_sanity:
@@ -9241,6 +9253,28 @@
# Vector from RFC 8448
ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
+SSL TLS 1.3 Key schedule: Early secrets derivation helper
+# Vector from RFC 8448
+ssl_tls1_3_derive_early_secrets:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62":"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
+
+SSL TLS 1.3 Key schedule: Handshake secrets derivation helper
+# Vector from RFC 8448
+ssl_tls1_3_derive_handshake_secrets:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
+
+SSL TLS 1.3 Key schedule: Application secrets derivation helper
+# Vector from RFC 8448
+ssl_tls1_3_derive_application_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
+
+SSL TLS 1.3 Key schedule: Resumption secrets derivation helper
+# Vector from RFC 8448
+ssl_tls1_3_derive_resumption_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
+
+SSL TLS 1.3 Key schedule: PSK binder
+# Vector from RFC 8448
+# For the resumption PSK, see Section 3, 'generate resumption secret "tls13 resumption"'
+# For all other data, see Section 4, 'construct a ClientHello handshake message:'
+ssl_tls1_3_create_psk_binder:MBEDTLS_MD_SHA256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3":MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:"63224b2e4573f2d3454ca84b9d009a04f6be9e05711a8396473aefa01e924a14":"3add4fb2d8fdf822a0ca3cf7678ef5e88dae990141c5924d57bb6fa31b9e5f9d"
+
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index d9261d1..c555d74 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -8,6 +8,8 @@
#include <ssl_tls13_keys.h>
#include "test/certs.h"
+#include <psa/crypto.h>
+
#include <ssl_invasive.h>
#include <test/constant_flow.h>
@@ -3794,6 +3796,156 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+void ssl_tls1_3_derive_early_secrets( int hash_alg,
+ data_t *secret,
+ data_t *transcript,
+ data_t *traffic_expected,
+ data_t *exporter_expected )
+{
+ mbedtls_ssl_tls1_3_early_secrets secrets;
+
+ /* Double-check that we've passed sane parameters. */
+ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+ TEST_ASSERT( md_info != 0 &&
+ secret->len == md_size &&
+ transcript->len == md_size &&
+ traffic_expected->len == md_size &&
+ exporter_expected->len == md_size );
+
+ TEST_ASSERT( mbedtls_ssl_tls1_3_derive_early_secrets(
+ md_type, secret->x, transcript->x, transcript->len,
+ &secrets ) == 0 );
+
+ ASSERT_COMPARE( secrets.client_early_traffic_secret, md_size,
+ traffic_expected->x, traffic_expected->len );
+ ASSERT_COMPARE( secrets.early_exporter_master_secret, md_size,
+ exporter_expected->x, exporter_expected->len );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+void ssl_tls1_3_derive_handshake_secrets( int hash_alg,
+ data_t *secret,
+ data_t *transcript,
+ data_t *client_expected,
+ data_t *server_expected )
+{
+ mbedtls_ssl_tls1_3_handshake_secrets secrets;
+
+ /* Double-check that we've passed sane parameters. */
+ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+ TEST_ASSERT( md_info != 0 &&
+ secret->len == md_size &&
+ transcript->len == md_size &&
+ client_expected->len == md_size &&
+ server_expected->len == md_size );
+
+ TEST_ASSERT( mbedtls_ssl_tls1_3_derive_handshake_secrets(
+ md_type, secret->x, transcript->x, transcript->len,
+ &secrets ) == 0 );
+
+ ASSERT_COMPARE( secrets.client_handshake_traffic_secret, md_size,
+ client_expected->x, client_expected->len );
+ ASSERT_COMPARE( secrets.server_handshake_traffic_secret, md_size,
+ server_expected->x, server_expected->len );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+void ssl_tls1_3_derive_application_secrets( int hash_alg,
+ data_t *secret,
+ data_t *transcript,
+ data_t *client_expected,
+ data_t *server_expected,
+ data_t *exporter_expected )
+{
+ mbedtls_ssl_tls1_3_application_secrets secrets;
+
+ /* Double-check that we've passed sane parameters. */
+ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+ TEST_ASSERT( md_info != 0 &&
+ secret->len == md_size &&
+ transcript->len == md_size &&
+ client_expected->len == md_size &&
+ server_expected->len == md_size &&
+ exporter_expected->len == md_size );
+
+ TEST_ASSERT( mbedtls_ssl_tls1_3_derive_application_secrets(
+ md_type, secret->x, transcript->x, transcript->len,
+ &secrets ) == 0 );
+
+ ASSERT_COMPARE( secrets.client_application_traffic_secret_N, md_size,
+ client_expected->x, client_expected->len );
+ ASSERT_COMPARE( secrets.server_application_traffic_secret_N, md_size,
+ server_expected->x, server_expected->len );
+ ASSERT_COMPARE( secrets.exporter_master_secret, md_size,
+ exporter_expected->x, exporter_expected->len );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+void ssl_tls1_3_derive_resumption_secrets( int hash_alg,
+ data_t *secret,
+ data_t *transcript,
+ data_t *resumption_expected )
+{
+ mbedtls_ssl_tls1_3_application_secrets secrets;
+
+ /* Double-check that we've passed sane parameters. */
+ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+ TEST_ASSERT( md_info != 0 &&
+ secret->len == md_size &&
+ transcript->len == md_size &&
+ resumption_expected->len == md_size );
+
+ TEST_ASSERT( mbedtls_ssl_tls1_3_derive_resumption_master_secret(
+ md_type, secret->x, transcript->x, transcript->len,
+ &secrets ) == 0 );
+
+ ASSERT_COMPARE( secrets.resumption_master_secret, md_size,
+ resumption_expected->x, resumption_expected->len );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+void ssl_tls1_3_create_psk_binder( int hash_alg,
+ data_t *psk,
+ int psk_type,
+ data_t *transcript,
+ data_t *binder_expected )
+{
+ unsigned char binder[ MBEDTLS_MD_MAX_SIZE ];
+
+ /* Double-check that we've passed sane parameters. */
+ mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
+ mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
+ size_t const md_size = mbedtls_md_get_size( md_info );
+ TEST_ASSERT( md_info != 0 &&
+ transcript->len == md_size &&
+ binder_expected->len == md_size );
+
+ TEST_ASSERT( mbedtls_ssl_tls1_3_create_psk_binder(
+ NULL, /* SSL context for debugging only */
+ md_type,
+ psk->x, psk->len,
+ psk_type,
+ transcript->x,
+ binder ) == 0 );
+
+ ASSERT_COMPARE( binder, md_size,
+ binder_expected->x, binder_expected->len );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
void ssl_tls1_3_key_evolution( int hash_alg,
data_t *secret,
data_t *input,
@@ -4535,3 +4687,109 @@
mbedtls_free( src );
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+void test_multiple_psks()
+{
+ unsigned char psk0[10] = { 0 };
+ unsigned char psk0_identity[] = { 'f', 'o', 'o' };
+
+ unsigned char psk1[10] = { 0 };
+ unsigned char psk1_identity[] = { 'b', 'a', 'r' };
+
+ mbedtls_ssl_config conf;
+
+ mbedtls_ssl_config_init( &conf );
+
+ TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
+ psk0, sizeof( psk0 ),
+ psk0_identity, sizeof( psk0_identity ) ) == 0 );
+ TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
+ psk1, sizeof( psk1 ),
+ psk1_identity, sizeof( psk1_identity ) ) ==
+ MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+
+exit:
+
+ mbedtls_ssl_config_free( &conf );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO */
+void test_multiple_psks_opaque( int mode )
+{
+ /*
+ * Mode 0: Raw PSK, then opaque PSK
+ * Mode 1: Opaque PSK, then raw PSK
+ * Mode 2: 2x opaque PSK
+ */
+
+ unsigned char psk0_raw[10] = { 0 };
+ unsigned char psk0_raw_identity[] = { 'f', 'o', 'o' };
+
+ psa_key_id_t psk0_opaque = (psa_key_id_t) 1;
+ unsigned char psk0_opaque_identity[] = { 'f', 'o', 'o' };
+
+ unsigned char psk1_raw[10] = { 0 };
+ unsigned char psk1_raw_identity[] = { 'b', 'a', 'r' };
+
+ psa_key_id_t psk1_opaque = (psa_key_id_t) 2;
+ unsigned char psk1_opaque_identity[] = { 'b', 'a', 'r' };
+
+ mbedtls_ssl_config conf;
+
+ USE_PSA_INIT( );
+ mbedtls_ssl_config_init( &conf );
+
+ switch( mode )
+ {
+ case 0:
+
+ TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
+ psk0_raw, sizeof( psk0_raw ),
+ psk0_raw_identity, sizeof( psk0_raw_identity ) )
+ == 0 );
+ TEST_ASSERT( mbedtls_ssl_conf_psk_opaque( &conf,
+ psk1_opaque,
+ psk1_opaque_identity, sizeof( psk1_opaque_identity ) )
+ == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ break;
+
+ case 1:
+
+ TEST_ASSERT( mbedtls_ssl_conf_psk_opaque( &conf,
+ psk0_opaque,
+ psk0_opaque_identity, sizeof( psk0_opaque_identity ) )
+ == 0 );
+ TEST_ASSERT( mbedtls_ssl_conf_psk( &conf,
+ psk1_raw, sizeof( psk1_raw ),
+ psk1_raw_identity, sizeof( psk1_raw_identity ) )
+ == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+
+ break;
+
+ case 2:
+
+ TEST_ASSERT( mbedtls_ssl_conf_psk_opaque( &conf,
+ psk0_opaque,
+ psk0_opaque_identity, sizeof( psk0_opaque_identity ) )
+ == 0 );
+ TEST_ASSERT( mbedtls_ssl_conf_psk_opaque( &conf,
+ psk1_opaque,
+ psk1_opaque_identity, sizeof( psk1_opaque_identity ) )
+ == MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+
+ break;
+
+ default:
+ TEST_ASSERT( 0 );
+ break;
+ }
+
+exit:
+
+ mbedtls_ssl_config_free( &conf );
+ USE_PSA_DONE( );
+
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 8b7b09a..dc81afb 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -178,10 +178,6 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509_cert_info:"data_files/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nsubject name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
-X509 certificate v1 with extension
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \:\n dNSName \: identity-check.org\n dNSName \: www.identity-check.org\n <unsupported>\n"
-
X509 SAN parsing otherName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\n"
@@ -724,7 +720,7 @@
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt_crl.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #53 (CA keyUsage missing cRLSign)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #54 (CA keyUsage missing cRLSign, no CRL)
@@ -732,11 +728,11 @@
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #55 (CA keyUsage missing keyCertSign)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crl.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #56 (CA keyUsage plain wrong)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #57 (Valid, RSASSA-PSS, SHA-1)
@@ -1575,7 +1571,7 @@
x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv tag)
-depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 CRT ASN1 (TBSCertificate v3, ext SubjectAlternativeName malformed)
@@ -1595,21 +1591,13 @@
x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRT ASN1 (TBS, IssuerID unsupported in v1 CRT)
-depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-X509 CRT ASN1 (TBS, IssuerID unsupported in v1 CRT, ALLOW_EXTENSIONS_NON_V3)
-depends_on:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
X509 CRT ASN1 (TBS, SubjectID unsupported in v1 CRT)
-depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-X509 CRT ASN1 (TBS, SubjectID unsupported in v1 CRT, ALLOW_EXTENSIONS_NON_V3)
-depends_on:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-
X509 CRT ASN1 (TBS, inv v3Ext, inv tag)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
@@ -1795,7 +1783,7 @@
x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, unknown critical policy)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier invalid tag)
@@ -1858,24 +1846,16 @@
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-X509 CRT (TBS, valid v3Ext in v1 CRT, ALLOW_EXTENSIONS_NON_V3)
-depends_on:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
-
-X509 CRT (TBS, valid v3Ext in v2 CRT, ALLOW_EXTENSIONS_NON_V3)
-depends_on:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 2\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
-
X509 CRT (TBS, valid v3Ext in v3 CRT)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
X509 CRT ASN1 (TBS, valid v3Ext in v1 CRT)
-depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 CRT ASN1 (TBS, valid v3Ext in v2 CRT)
-depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 CRT ASN1 (TBS, valid SubjectID, valid IssuerID, inv v3Ext, SubjectAltName repeated outside Extensions, inv SubjectAltNames tag)
@@ -2021,7 +2001,7 @@
x509parse_crt:"3081e430819f020104300d06092a864886f70d0101050500300f310d300b0603550403130454657374301e170d3133303731303135303233375a170d3233303730383135303233375a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d03010103320004e962551a325b21b50cf6b990e33d4318fd16677130726357a196e3efe7107bcb6bdc6d9db2a4df7c964acfe81798433d300d06092a864886f70d01010505000331001a6c18cd1e457474b2d3912743f44b571341a7859a0122774a8e19a671680878936949f904c9255bdd6fffdb33a7e6d8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0
X509 CRT ASN1 (Unsupported critical extension)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crt:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CRT ASN1 (Unsupported critical extension recognized by callback)
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index a6361d8..fea02f3 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -1173,7 +1173,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_KEY_USAGE */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_check_key_usage( char * crt_file, int usage, int ret )
{
mbedtls_x509_crt crt;
@@ -1189,7 +1189,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_check_extended_key_usage( char * crt_file, data_t * oid, int ret
)
{